
Recovering deleted certificates in SSL

The SSL configuration contains a keystore created to hold personal certificates that were deleted from other keystores in the configuration. Perform this task to recover deleted certificates.

On a stand-alone application server the keystore is called NodeDefaultDeletedStore, and on a deployment manager it is called DmgrDefaultDeletedStore.

When a personal certificate is deleted from a keystore using the administrative console or in a script using the deleteCertificate AdminTask, a copy of the certificate is stored in the DmgrDeletedKeyStore or NodeDeletedKeyStore. The personal certificate takes the alias <keystore>_<alias> in the deleted keystore. If that alias name is already used in the deleted keystore, a <unique number> is appended to the alias.

A personal certificate can be recovered from the deleted keystore by importing or exporting the personal certificate to a keystore in the configuration. To recover a personal certificate using the administrative console, perform the following steps:


Tasks

  1. Click Security > SSL certificate and key management.

  2. Under Related Items, click Key stores and certificates.

  3. From the Keystore usages drop-down list, select Deleted certificates keystore.

  4. Click DmgrDefaultDeletedStore or NodeDefaultDeletedStore.

  5. Under Additional Properties, click Personal certificates.

  6. Select a certificate.

  7. Select Export.

  8. Click OK.

  9. Perform the following:

    • Enter the keystore password of the deleted keystore.
    • Enter the alias to be assigned to the certificate (in the key store that will receive the certificate).
    • Select the 'Managed key store' radio button.
    • Select the key store that will receive the certificate from the drop-down list.

    • Click Apply then OK.

To recover a personal certificate, you can also use the exportCertToManagedKS AdminTask command.
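A scripted version of the recovery above, written in wsadmin Jython style, as an added example that is not from the original page or the product's own scripts. The helper names, the `[alias ...]` shape of the listPersonalCertificates output, the unique-number suffix format, the default management scope (no -keyStoreScope), and the `AppKeyStore`/`appcert` names are assumptions.

```python
import re

# Store name from the page; use DmgrDefaultDeletedStore on a deployment manager.
DELETED_STORE = "NodeDefaultDeletedStore"

def safe(value):
    # Refuse whitespace and brackets so a value cannot add or alter AdminTask parameters.
    if not re.match(r"^[^\s\[\]]+$", value):
        raise ValueError("unsafe parameter value: %r" % (value,))
    return value

def candidates(listing, source_keystore, alias):
    """Aliases in the deleted keystore that can belong to <keystore>_<alias>.

    A unique number is appended when the alias is already taken, so the base
    name followed only by digits (optionally after '_') also matches; that
    suffix format and the '[alias ...]' listing format are assumptions."""
    base = "%s_%s" % (source_keystore, alias)
    pattern = re.compile("^" + re.escape(base) + r"_?\d*$")
    found = re.findall(r"\[alias ([^\]]+)\]", listing)
    return [a for a in found if pattern.match(a)]

def export_args(store_password, deleted_alias, target_keystore, new_alias):
    # Parameter string for exportCertToManagedKS, mirroring the console fields in step 9.
    return ("[-keyStoreName %s -keyStorePassword %s -toKeyStoreName %s "
            "-certificateAlias %s -aliasInKeyStore %s]"
            % (DELETED_STORE, safe(store_password), safe(target_keystore),
               safe(deleted_alias), safe(new_alias)))

def recover(admin_task, admin_config, store_password, source_keystore, alias, target_keystore):
    """Export the single deleted copy of `alias` back into `target_keystore`."""
    listing = admin_task.listPersonalCertificates("[-keyStoreName %s]" % DELETED_STORE)
    matches = candidates(listing, source_keystore, alias)
    if len(matches) != 1:
        # None or several copies: stop so the operator picks, rather than restore the wrong key.
        raise LookupError("expected one deleted copy, found %r" % (matches,))
    admin_task.exportCertToManagedKS(
        export_args(store_password, matches[0], target_keystore, alias))
    admin_config.save()  # persist the change to the master configuration
    return matches[0]

# Inside wsadmin (-lang jython) the AdminTask and AdminConfig objects are predefined:
# recover(AdminTask, AdminConfig, deleted_store_password, "AppKeyStore",
#         "appcert", "AppKeyStore")   # placeholder keystore and alias names
```

Supply the deleted keystore password at run time (for example from a prompt) rather than storing it in the script.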

  • Create a Secure Sockets Layer configuration
  • PersonalCertificateCommands