Recovering deleted certificates in SSL
The SSL configuration contains a keystore created to hold personal certificates that were deleted from other keystores in the configuration. Perform this task to recover deleted certificates.
The SSL configuration contains a keystore created to hold personal certificates that were deleted from other keystores in the configuration. On a stand alone application server the keystore is called NodeDefaultDeletedStore and on a deployment manager the keystore is called DmgrDefaultDeletedStore.
When a personal certificate is deleted from a keystore using the administrative console or in a script using the deleteCertificate AdminTask, a copy of the certificate is stored in the DmgrDeletedKeyStore or NodeDeletedKeyStore. The personal certificate takes the alias of <keystore>_<alias> > in the deleted keystore. If the alias name is already used in that deleted keystore a <unique number> is appended to the alias.
A personal certificate can be recovered from the deleted keystore by importing or exporting the personal certificate to a keystore in the configuration. To recover a personal certificate using the administrative console perform the following steps:
Tasks
- Click Security > SSL certificate and key management.
- Under Related Items, click Key stores and certificates.
- From the Keystore usages drop-down list, select Deleted certificates keystore.
- Click DmgrDefaultDeletedStore or NodeDefaultDeletedStore.
- Under Additional Properties, click Personal certificates.
- Select a certificate.
- Select Export
- Click OK.
- Perform the following:
- • Enter the keystore password of the deleted keystore.
- • Enter The alias to be assigned to the certificate (in the key store that will receive the certificate).
- • Select the ‘Managed key store' radio button.
- • Select the key store from the drop down list that will receive the certificate.
- Click Apply then OK.
To recover a personal certificate we can also use the exportCertToManagedKS AdminTask command.
Create a Secure Sockets Layer configuration PersonalCertificateCommands