I’m working on OAM 101.1.4.3 environment which is setup in CERT mode. I noticed that OAM Servers have stopped working and are not coming up. Furthermore I’ve identified that OAM certificates are expired.
Here are the steps you need to do to renew the certs:
- Get the new certificates.
- Prepare it as ois_cert.pem, ois_key.pem and ois_chain.pem certificates for Identity server and WebPass. You should have private key password handy. Similarly prepare certs aaa_key.pem, aaa_cert.pem and aaa_chain.pem and aaa_server.pem for Access Server and Policy Manager and WebGates.
- Place the above certs in either <identity>/oblix/config and <access>/oblix/config appropriately.
- Pick up the passsword.xml present in <OAM_Component>/oblix/config folder and observe the password encrypted.
- Use the tool obencrypt.exe which is available in OAM 10.1.4.0.1 webgates (and not in higher versions) and run the command obencrypt.exe key_pwd
- The above command gives encrypted password output.
- Place this encrypted password in password.xml.
- Restart OAM Identity and Access Servers along with WebServer.
NOTE: There would be a different way to renew certificate using configure_AAA_Server that would encrypt the key password behind the scenes but I am not convering this here.