To change an SSL certificate, you must first obtain a certificate from a CA and import it in your local keystore.


Create a local certificate by running the keytool Java utility at the command prompt.

keytool -genkey -alias mySslCertificate -keyalg RSA

The keytool utility generates a file called .keystore by using the information and password that you provide when you run the command.


Create a certificate signing request by running the following command in the Java utility.

keytool -certreq -keyalg RSA -alias mySslCertificate -file certreq.csr \
                 -keystore <your_keystore_filename>

The utility generates a file called certreq.csr.


Submit the certreq.csr file to a certificate authority, such as VeriSign or Thawte.

Procedures might vary from one CA to another, but they all require a valid proof of your identity.

The CA returns a certificate that you must import.


Import the SSL certificate in your local keystore.


Download a root certificate from the CA that signed your certificate.


Import the root certificate in your keystore by running following command in the Java utility.

keytool -import -alias root -keystore <your_keystore_filename> \ 
                 -trustcacerts -file <filename_of_the_root_certificate>

Import the SSL certificate signed by the CA (the SSL certificate must be in X509 format).

keytool -import -alias mySslCertificate -keystore <your_keystore_filename> \ 
                 -trustcacerts -file <your_certificate_filename>

The SSL certificate is installed. You can change the Web views SSL certificate or the SSL certificate for the Orchestrator client.