Skip to main content
OnCommand Workflow Automation 5.0
A newer release of this product is available.

Replace the default Workflow Automation SSL certificate

Contributors
PDFs

You can replace the default Workflow Automation (WFA) SSL certificate if the certificate has expired or if you want to increase the validity period of the certificate.

What you'll need

You must have root privileges for the Linux system on which you have installed WFA.

About this task

The default WFA installation path is used in this procedure. If you changed the default location during installation, you must use the custom WFA installation path.

Steps

  1. Log in as a root user on the WFA host machine.

  2. At the shell prompt, navigate to the following directory on the WFA server:

    WFA_install_location/wfa/bin

  3. Stop the WFA database and server services:

    ./wfa --stop=WFA

    ./wfa --stop=DB

  4. Delete the wfa.keystore file from the following location: WFA_install_location/wfa/jboss/standalone/configuration/keystore.

  5. Open a shell prompt on the WFA server, and then change directories to the following location:

    WFA_install_location/wfa/jre/bin

  6. Obtain the database key:

    keytool -keysize 2048 -genkey -alias "ssl keystore" -keyalg RSA -keystore "WFA_install_location/wfa/jboss/standalone/configuration/keystore/wfa.keystore" -validity xxxx

    xxxx is the number of days for the validity of the new certificate.

  7. When prompted, provide the password (default or new).

    changeit is the default password. If you do not want to use the default password, you must change the password attribute of the SSL element in the standalone-full.xml file from the following location: WFA_install_location/wfa/jboss/standalone/configuration

    Example

    <ssl name="ssl" password="new_password" certificate-key-file="${jboss.server.config.dir}/keystore/wfa.keystore"

  8. Enter the required details for the certificate.

  9. Review the displayed information, and then enter Yes.

  10. Press Enter when prompted by the following message: Enter key password for <SSL keystore> <RETURN if same as keystore password>.

  11. Restart the WFA services:

    ./wfa --start=DB

    ./wfa --start=WFA