Replacing a certificate

The certificate in the keystore expires based on the certificate lifetime set on the policy server. After the certificate expires, the -action replcert option must be used to generate a new certificate. The new certificate replaces the existing certificate in the application server keystore file.

If a certificate become compromised, the -action replcert option can be used to invalidate an existing certificate.

java com.tivoli.pd.jcfg.SvrSslCfg -action replcert\
-admin_id sec_master-admin_pwd secpw \
-appsvr_id PDPermissionjapp -cfg_file c:/am/config_file.conf

Parent topic: Configure appservers into the domain