How to change the SSL certificate PD listens on

SOLVED
vinny_optiv
New Member
0 Kudos

On initial install I used IP address instead of hostname in my lab. I want to change this to use the hostname on the SSL cert.

Is this possible?

 

Thanks

3 REPLIES
UnboundID _-rc-_
UnboundID
0 Kudos

Re: How to change the SSL certificate PD listens on

It sounds like you want to replace the self-signed certificate the server was set up with, which used a numeric IP address. This is a command similar to what setup runs, which will let you replace the current certificate:

 

keytool -genkey -alias server-cert -dname "CN=hostname.example.com, O=Ping Identity Self-Signed Certificate" -keyalg RSA -keysize 2048 -keystore config/keystore -storepass $(cat config/keystore.pin) -keypass $(cat config/keystore.pin) -validity 7300

 

Run this in the root directory of the server before replacing the certificate:

keytool -list -v -keystore config/keystore -storepass $(cat config/keystore.pin)

 

to make sure it displays the current certificate to replace, e.g.

$ keytool -list -v -keystore config/keystore -storepass $(cat config/keystore.pin)

Creation date: Jan 18, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=192.168.0.1, O=Ping Identity Self-Signed Certificate
Issuer: CN=192.168.0.1, O=Ping Identity Self-Signed Certificate

 

Important: If your certificate is not self-signed where the Owner and Issuer are the same, you have to create a Certificate Signing Request (CSR) and get a new certificate from your Certificate Authority instead of following these steps. The steps to replace a CA-issued certificate are documented in the product Security Guide.

 

vinny_optiv
New Member
0 Kudos

Re: How to change the SSL certificate PD listens on

Thanks for the quick response.

When I ran it I got an error saying the alias already exists and it does not overwrite it.

 

 

UnboundID _-rc-_
UnboundID
0 Kudos
Solution

Re: How to change the SSL certificate PD listens on

Yes, try using keystore-new and verify the contents have what you want, then you can replace the existing keystore by moving the old file out and replacing with the new one.
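
The steps from this thread put together as one script, added here as an example and not posted by either participant or taken from the product: it checks that the current certificate is self-signed (Owner equals Issuer), generates the replacement into config/keystore-new, verifies the new CN, and only then swaps the files. The function names, the config/keystore.old backup name and the SAMPLE listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `keytool -list -v` output, modelled on the listing in the thread.
SAMPLE='Alias name: server-cert
Creation date: Jan 18, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=192.168.0.1, O=Ping Identity Self-Signed Certificate
Issuer: CN=192.168.0.1, O=Ping Identity Self-Signed Certificate'

# Print the value of the first "<name>: ..." line ($1) found in a listing ($2).
field() { printf '%s\n' "$2" | sed -n "s/^$1: //p" | head -n 1; }

# Succeeds when Owner and Issuer are identical, the self-signed case these
# steps apply to; fails for a CA-issued certificate.
is_self_signed() {
    owner=$(field Owner "$1"); issuer=$(field Issuer "$1")
    [ -n "$owner" ] && [ "$owner" = "$issuer" ]
}

# Print the CN of the certificate owner.
owner_cn() { field Owner "$1" | sed -n 's/^CN=\([^,]*\).*/\1/p'; }

# Succeeds when the CN is a dotted-quad IP address rather than a hostname.
cn_is_ip() {
    printf '%s\n' "$(owner_cn "$1")" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# Build the replacement in config/keystore-new, check it, then swap the files.
# Run from the server root directory; $1 is the hostname for the new CN.
replace_self_signed_cert() {
    host=$1; pin=$(cat config/keystore.pin)
    current=$(keytool -list -v -keystore config/keystore -storepass "$pin") || return 1
    is_self_signed "$current" || { echo "CA-issued: use the CSR process" >&2; return 1; }
    keytool -genkey -alias server-cert \
        -dname "CN=$host, O=Ping Identity Self-Signed Certificate" \
        -keyalg RSA -keysize 2048 -keystore config/keystore-new \
        -storepass "$pin" -keypass "$pin" -validity 7300 || return 1
    new=$(keytool -list -v -keystore config/keystore-new -storepass "$pin") || return 1
    [ "$(owner_cn "$new")" = "$host" ] || return 1   # refuse to swap on a wrong CN
    mv config/keystore config/keystore.old && mv config/keystore-new config/keystore
}
```

Writing to a new file avoids the "alias already exists" error, and the old keystore stays on disk as config/keystore.old until the new one is confirmed working.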