Requesting a new certificate

Use this procedure to request a new certificate.

  1. Log on to the LifeCycle Manager Server as Windows administrator.
  2. Open a command prompt.
  3. Go to the JSSE directory in the LifeCycle Manager Server installation path.
  4. Create a backup of the servercert keystore file.
  5. Locate and take note of the password for the servercert keystore in the keystore.password property of the lcm.properties file.
    Note: You will use this password whenever it is prompted in the steps that follow.
  6. Run this command to generate a new 'server' alias with a new private key in a new keystore, for example, servercert.new:

    keytool -genkey -alias server -keyalg RSA -keysize 2048 -dname distinguished_name -keystore servercert.new

    The distinguished_name should follow this format:

    "CN=fully_qualified_domain_name_of_LCM_server,OU=organizational_unit,O=company,L=location,C=country_code"

    where OU and L are optional.

    For example, "CN=server.company.com,OU=Development,O=Infor,L=Linkoping,C=SE".

  7. Run this command to generate a certificate request:

    keytool -certreq -alias server -file certreq.txt -ext san=dns:fully_qualified_domain_name_of_LCM_server -keystore servercert.new

  8. Send the certificate request to a trusted Certificate Authority. It may take several weeks before you receive a valid certificate from the Certificate Authority.