How to Change the AdminUI SSL Certificate?

Document ID : KB000020369
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

With the AdminUI installation, the installer adds a self-signed SSL cert that you may want to change to use your own certificate.

Solution:

Jboss is using a Java keystore and you can check its definition in the following:

Admiui_installation_location>\adminui\bin\run.conf.bat

By Default:

set "JAVA_OPTS=%JAVA_OPTS%
-Djavax.net.ssl.keyStore=%JBOSS_HOME%\server\default\conf\keyStore.jks"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStoreType=jks"
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit"

If you create another keystore or changed the password you have to edit this file (please take a backup before modifying the file)

  1. You need to use the keytool utiliy to add the certificate to the keystore.

    To make sure that you also import the private key, you had to import this as PKCS12 format

    keytool -v -importkeystore -srckeystore MyStore.p12 -srcstoretype PKCS12 -destkeystore MyStore.jks -deststoretype JKS

    Then make sure that the private key has the same password as the keystore

    keytool -keypasswd -alias MyStore -keypass oldpass -new newpass -keystore MyKeyStore.jks

    You can find a reference of the keytool at the following location :

    http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

  2. You need to do some changes in the Jboss server.xml definition. It is located in.

    <SMAdminUI_Installation_location>\adminui\server\default\deploy\jbossweb.sar

    Take a backup of the file.

    Change the existing entry of keyAlias="tomcat" in Connector(https) element to

    keyAlias="Alias you created"

    Eventually change the keystorePass if you changes password of the keyStore.

    Save the file

  3. Restart SiteMinder AdminUI Service
  4. Access Wamui from internet explorer.
  5. If the browser complains about certificate import the CA root certificate into browser's CA Trusted Root certifcates .

    Close the browser and access the WamUI again.

    It will be all set.