Replacing the Default Self-Signed Certificate with a CA-Authorized Certificate

You can replace the default, self-signed certificate with one authorized by an appropriate CA.

1. Either:
   • Create a new keystore file containing the required certificate.
   • Import the required certificate into the existing install-server-store.jks keystore file.
2. Edit (as required) the following properties in the KeystoreCspRT resource template:
   • Location of keystore: Identifies the keystore file that contains the required certificate.
     Note: You can either upload a keystore to be served from the TIBCO ActiveMatrix Administrator interface; or you can enter its external location as a URL or as a pathname to a file.

     If you specify a pathname, it must be to a file that exists locally on the TIBCO ActiveMatrixBPMtime.

   • Password: The password needed to access the keystore.
   • Type: The appropriate keystore type.
3. Edit the following properties in the SslServerRT resource template:
   • Key Alias to Access Identity: Identifies the alias needed to access the certificate in the keystore.
   • Key Alias Password: The password associated with this alias.
4. Reinstall the KeystoreCspRI resource instance.
5. Reinstall the SslServerRI resource instance.