Certificates Maintenance
Certificates used by the application have an expiration date. They must be re-created and updated before that date. Certificate maintenance is the responsibility of the system administrator.
CA certificate renewal
The CA certificate should be replaced in advance, before it is due for renewal. A self-generated CA should be re-generated. A provided CA should be downloaded from the CA provider. All server certificates should be re-generated after the CA update.
With the new CA (ca.crt), do the following steps:
- Update the JKS with the new CA:
keytool -J-Dkeystore.pkcs12.legacy -import -alias easyrpa-root-new -keystore /opt/rpaplatform/cert/rpa-trust.jks -file ./ca.crt -storepass $(cat /opt/rpaplatform/cert/pass-p12.txt) -noprompt -trustcacerts -deststoretype pkcs12
- Copy the new CA:
cp ./ca.crt /opt/rpaplatform/cert/ca.crt
Server certificate renewal
The common approach to certificate renewal:
- Get a new server public certificate, depending on the certificate type.
- Update the server certificate (server.crt) in the following locations:
cp ./server.crt /opt/rpaplatform/cert/server.crt
- Re-generate the certificate bundle:
cat /opt/rpaplatform/cert/ca.crt /opt/rpaplatform/cert/server.crt > /opt/rpaplatform/cert/server-imt.crt
- Restart the stack
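
A pre-flight check for the renewal steps above, as an added example that is not part of the product's own tooling: it confirms that the new server.crt was issued by the new ca.crt and that neither file is close to expiry before anything is copied into /opt/rpaplatform/cert. The function names, exit codes and the 30-day default threshold are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check for new ca.crt / server.crt, run before the cp and restart steps.
# Function names and the 30-day default are assumptions of this example.

# expires_within FILE DAYS: status 0 if FILE is expired or expires within DAYS days.
expires_within() {
    # -checkend N exits 0 when the certificate is still valid N seconds from now.
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# chains_to CA_FILE CERT_FILE: status 0 if CERT_FILE verifies against CA_FILE.
# openssl also consults its default trust directory, which a private CA is not in.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# preflight CA_FILE SERVER_FILE [DAYS]: 0 = safe to install, 1 = check failed,
# 2 = a file is not a parseable PEM certificate.
preflight() {
    ca=$1; srv=$2; days=${3:-30}; rc=0
    for f in "$ca" "$srv"; do
        if ! openssl x509 -in "$f" -noout >/dev/null 2>&1; then
            echo "FAIL: $f is not a readable PEM certificate" >&2
            return 2
        fi
        if expires_within "$f" "$days"; then
            echo "FAIL: $f: $(openssl x509 -in "$f" -noout -enddate), under $days days left" >&2
            rc=1
        fi
    done
    # A server certificate signed by the previous CA fails here even if unexpired.
    if ! chains_to "$ca" "$srv"; then
        echo "FAIL: $srv was not issued by $ca; re-generate it from the new CA" >&2
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $srv chains to $ca; both valid for more than $days days"
    return "$rc"
}

# Runs only when given arguments, e.g.: sh preflight.sh ./ca.crt ./server.crt 30
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

The same `expires_within` function can be run on a schedule against /opt/rpaplatform/cert/ca.crt and /opt/rpaplatform/cert/server.crt to flag certificates that are approaching expiry.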