Create software token
Create a TLS server software token according to Issue software token in Certificate Manager. Note the path and file name of where the software token is stored.
- Save the software token file to a removable media.
- Make a backup copy of the current tls.p12 file in the CF service.
Copy the software token from the removable media to replace the old file <configuration_root>/certs/tls.p12.
The TLS software token must be configured in the CF service (or in all computers running CF in case of a distributed configuration).
- In cm.conf:
- Set the parameter
SSL.file
to the path and name of the new TLS key file. - Set the parameter
SSL.pin
to avoid manual intervention during start of CM servers.
Test that the new TLS server certificate works correctly and then delete the file on the removable media.
- Restart the system in order to make the changes take effect.