4 Replies Latest reply on Oct 18, 2013 2:29 PM by Bill Robinson

    Certificate Expiration

    Jim Campbell

      Thanks to roaming profiles on my new laptop I am having to accept the certificate each time I use the CLI now.  However, i have noticed this in the CLI message regarding accepting the certificate :


      Valid from:           Sun Nov 07 07:59:41 EST 2010

      Valid to:             Thu Nov 07 07:59:41 EST 2013


      Does this mean the certificate that was created when we re-installed 8.0 in 2010 is about to expire?  Do I have to reissue it, and if so is that going to require editing all of the PXE images we use for server builds ?

        • 1. Re: Certificate Expiration

          Yes, you will have to generate a new certificate and then use the blasadmin utilty to set the password

          If you know , what was the password used when you installed bsa before, you can use the same password and just copy the certificates

          but you may want to generate a new one with new password


          keytool -genkey -alias blade -keyalg RSA -keysize 1024 -dname "CN=hostname" -keypass <keystore_password> -storepass <keystore_password> -keystore bladelogic.keystore" -validity <number od days>


          copy the bladelogic.keystore into all the subdirectories of br\deployments


          Verify the settings within the blasadmin utility, using the following commands:
          show app CertStore


          You may also need to set the password of the certificate using these commands


          Blasadmin -a
          set ProcessSpawner KeystorePassword <password>
          set app CertPasswd <password>


          Blasadmin -s _spawner
          set ProcessSpawner KeystorePassword <password>
          set app CertPasswd <password>


          blasadmin -s _launcher
          set appserverlauncher KeyStorePassword <password>


          Check this for all the deployments you have, under br/deployments  ( the appserver instances on that box)

          Stop and restart appserver service


          I dont think you need to worry about PXE images at all, only if you have a seprate PXE server, you may have to copy the certificate in its deployment directory as you do with other appservers

          1 of 1 people found this helpful
          • 2. Re: Certificate Expiration
            Bill Robinson

            there's actually a utility called 'blmkcert' that takes less arguments than the keytool to generate the certificate.  the procedure to change out the keystore is noted here:



            • 3. Re: Certificate Expiration
              Jim Campbell

              Thanks, working on it now.  Do PXE images require updating?  I know when we uninstalled and reinstalled upgrading from 7.6 to 8.0 we ended up having to edit all of our PXE images to include the new certificate that was generated.

              • 4. Re: Certificate Expiration
                Bill Robinson

                Yeah – you can do it on pxe too…