RTC V7: how to change the certificate in liberty server?
One answer
If you have a key store from which a signing request was made and sent to some CA, and the new certificate was received into the key store, you can configure Liberty to use those key stores rather simply.
<keyStore id="defaultKeyStore" location="key.p12" type="PKCS12" password="{xor}#NSO#ENHWEF" />
Modify the location for the key store; if the location doesn't start with / or c:\, the location is relative to the Liberty server definition. type denotes the key store type; the default is JKS. To get the encoding for your key store password, use the Liberty/bin/securityUtility:
{xor}OS0+MjooMC00
Copy and paste the whole bit from the securityUtility as the password= value.
The defaultTrustStore can be defined in a similar fashion.
You may need an ssl section to hook your certificates file to the http endpoints:
<ssl keyStoreRef="defaultKeyStore" trustStoreRef="defaultKeyStore" sslProtocol="TLSv1.2" id="sslRep" />
The CLM server that gets created has only a few references to keyStore, so it is probably enough to provide your own key store file / password here:
<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="SSL" enabledCiphers="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"/>
<keyStore id="defaultKeyStore" location="ibm-team-ssl.keystore" type="JCEKS" password="{xor}Nj0ycis6PjI="/>
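A small lint for the keyStore and ssl elements discussed in the answer above, added here as an example; it is not part of the original post and not IBM's code. The audit function, the constructed SAMPLE document, and the rule that a ref must match a keyStore id exactly (including case) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragments above. The keyStore id differs
# in case from the refs on purpose, to exercise the reference check.
SAMPLE = """<server>
  <keyStore id="defaultKeystore" location="key.p12" type="PKCS12" password="{xor}OS0+MjooMC00"/>
  <ssl id="sslRep" keyStoreRef="defaultKeyStore" trustStoreRef="defaultKeyStore" sslProtocol="TLSv1.2"/>
  <ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="SSL"
       enabledCiphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA"/>
</server>"""

PINNED = {"TLSv1.2", "TLSv1.3"}

def audit(server_xml):
    """Return (element id, finding) pairs for keyStore and ssl elements."""
    root = ET.fromstring(server_xml)
    findings = []
    # Assumption: refs must match a keyStore id exactly, including case.
    store_ids = {ks.get("id") for ks in root.iter("keyStore")}
    for ks in root.iter("keyStore"):
        pw = ks.get("password")
        if pw is None:
            continue
        if pw.startswith("{xor}"):
            # {xor} is reversible obfuscation; securityUtility can also emit {aes}.
            findings.append((ks.get("id"), "password is {xor}-encoded, not encrypted"))
        elif not pw.startswith("{aes}"):
            findings.append((ks.get("id"), "password is stored in plain text"))
    for ssl in root.iter("ssl"):
        sid = ssl.get("id")
        for attr in ("keyStoreRef", "trustStoreRef"):
            ref = ssl.get(attr)
            if ref is not None and ref not in store_ids:
                findings.append((sid, f"{attr}={ref!r} matches no keyStore id"))
        proto = ssl.get("sslProtocol")
        if proto is not None and not set(proto.split(",")) <= PINNED:
            findings.append((sid, f"sslProtocol={proto!r} is not pinned to TLS 1.2 or later"))
        for suite in ssl.get("enabledCiphers", "").split():
            if suite.startswith("TLS_RSA_"):
                findings.append((sid, f"{suite}: static RSA key exchange, no forward secrecy"))
    return findings

if __name__ == "__main__":
    for element_id, finding in audit(SAMPLE):
        print(f"{element_id}: {finding}")
```

Because the {xor} form can be reversed by anyone who can read server.xml, file permissions on server.xml and on the key store file matter as much as the encoded password.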