Replacing the Default Virtual Host Certificate Replacing the Default Virtual Host Certificate

The following is the procedure for replacing the default virtual host certificate.

Procedure

1. Generate a certificate signing request using one of the following methods.

   • RSA Security Console. For instructions, see Generate a Certificate Signing Request (CSR) for the Web Tier.

   • Third-party tool. Ensure that the third-party tool generates a private key and a signing request. Ensure that you enter a common name (CN) where the value is the fully qualified hostname (FQHN) of the virtual host or you will not be able to activate the virtual host certificate. For instructions, see the third-party tool documentation.

2. Send the certificate signing request to the certificate authority (CA).

3. Import the trusted root and signed virtual host certificates and make it the active certificate. For instructions, see Import a Signed Virtual Host Certificate.

4. Update each web tier after importing the new certificate. For instructions, see RSA Authentication Manager Updates.