3.7. What to do if your Certificates Expire

There are two kinds of certificate that can run out:

If your SSL certificate runs out then you will need to create a new one using the keys.sh script provided in the utils directory. This will be /usr/local/emboss/share/EMBOSS/Jemboss/utils in the example above. If you are launching Jemboss using a web page then you must run makeJNLP.sh again as well. This is because the SSL certificate is bundled with the signed jar files.

If, however, only the jar file certificates have expired then you only need to run makeJNLP.sh again.

Whenever any of these certificates are replaced you should stop and restart the server using the tomstop and tomstart scripts.

Should you need to use keys.sh, here is a sample session:

%cd /usr/local/emboss/share/EMBOSS/Jemboss/utils
    %mkdir tmp
    %cd tmp

Enter where to store the keys and certificates:

The '.' specifies the current directory.

Enter your surname:

Enter a password to use to create the keys with
(at least 6 characters):

This should be the same password you used when running the install-jemboss-server.sh script. If you have forgotten what you used you can see it in the tomcat conf/server.xml file. Alternatively, use a new password and replace the one in the server.xml file.

Provide the validity period for these certificates, i.e. the
number of days before they expire and new ones need to be made [90]:

The meaning of the above is obvious. The script now has all it needs and prints the following text to the screen.

Certificate stored in file <./server.cer>
Certificate stored in file <./client.cer>
Certificate was added to keystore
[Storing ./client.keystore]
Certificate was added to keystore
[Storing ./server.keystore]

The following files will have been created.

% ls
client.cer  client.keystore  server.cer  server.keystore

These files should be copied to the Jemboss resources directory. For example given this would be done by typing:

% cp *.cer *.keystore /usr/local/emboss/share/EMBOSS/jemboss/resources