Another way to replace the self-signed certificate: if you want to use the same certificates at cell level and node level, follow the steps below. The cell and the nodes will then use the same certificate.
Before following the steps, take a backup by running backupConfig on the dmgr. For more detail, see the following link:
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/rxml_backupconfig.html
Note: backupConfig will stop the dmgr. Basically, this command zips the config directory of the dmgr profile.
1) Stop the dmgr, all nodeagents, and all application servers on the nodes.
Then take a backup of key.p12 and trust.p12 from
/usr/Webspherev6.1/profiles/dmgr/config/cell/cellname
and
/usr/Webspherev6.1/profiles/dmgr/config/cell/cellname/nodes/nodename
2) Delete the existing key.p12 and trust.p12 from the cell level, for example:
/usr/Webspherev6.1/profiles/dmgr/config/cell/cellname
3) Start the dmgr. It will create a new key.p12 and trust.p12 containing a 15-year certificate. Confirm in the admin console that a 15-year certificate was created: go to SSL certificate and key management > SSL configurations > CellDefaultSSLSettings > Key stores and certificates > CellDefaultKeyStore > Personal certificates. You will see the new default certificate with a 15-year validity.
4) Copy the newly created key.p12 and trust.p12 from the dmgr config (cell level) to the node config (node level), for example:
From
/usr/Webspherev6.1/profiles/dmgr/config/cell/cellname
To
/usr/Webspherev6.1/profiles/dmgr/config/cell/cellname/node/nodename01
/usr/Webspherev6.1/profiles/dmgr/config/cell/cellname/node/nodename02
/usr/Webspherev6.1/profiles/dmgr/config/cell/cellname/node/nodename03
And also to the following locations:
/usr/Webspherev6.1/profiles/dmgr/etc
/usr/Webspherev6.1/profiles/Appsrv01/etc
/usr/Webspherev6.1/profiles/Appsrv02/etc
/usr/Webspherev6.1/profiles/Appsrv03/etc .....
This depends on how many nodes you have; the example above is for 3 nodes.
5) Go to each node and manually sync the node with the dmgr, for example:
./syncNode.sh dmgrhostname dmgrsoapportnumber -username user -password password
While this runs, it may ask to add a signer to the files under etc; when it does, type yes and press Enter.
6) Once the node has synced successfully with the dmgr, start the nodeagent, then check the status of the nodeagent and its sync status on the console.
7) If the earlier trust.p12 held any third-party certificates that your application uses, you might need to add those certificates to the new trust.p12 at cell level, that is, extract all third-party certificates from the old trust.p12 and add them as signer certificates to the new trust.p12. If you don't have third-party certificates, skip this step.
8) If you have SSL between the plugin and WebSphere, extract the personal certificate from the newly created key.p12 and add that extracted certificate to the signer certificates of the plugin kdb file that plugin-cfg.xml uses, then restart the webserver. If you don't have SSL between the plugin and WebSphere, skip this step.
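A check for step 4, as an added example that is not part of the original post: before running syncNode.sh, confirm that every node-level and etc copy of key.p12 and trust.p12 is byte-identical to the new cell-level files by comparing SHA-256 hashes. The function names file_hash and verify_keystore_copies are hypothetical, and the script assumes sha256sum or openssl is installed.

```shell
#!/bin/sh
# Added example (not from the original post): verify step 4's copies.
# Usage (hypothetical helper name):
#   verify_keystore_copies CELL_DIR TARGET_DIR [TARGET_DIR ...]
# where CELL_DIR is the cell-level directory holding the new keystores
# and each TARGET_DIR is a node-level or etc directory they were copied to.

# Print the SHA-256 of a file using whichever tool is available.
file_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Prints one status line per keystore per target directory:
#   OK        copy matches the cell-level file
#   MISMATCH  copy exists but differs (for example a stale pre-change file)
#   MISSING   file was never copied
# Returns 0 only if every copy matches, 1 on any mismatch or missing copy,
# 2 if a cell-level source file itself is missing.
verify_keystore_copies() {
    cell_dir=$1
    shift
    rc=0
    for f in key.p12 trust.p12; do
        if [ ! -f "$cell_dir/$f" ]; then
            echo "MISSING  $cell_dir/$f"
            return 2
        fi
        want=$(file_hash "$cell_dir/$f")
        for d in "$@"; do
            if [ ! -f "$d/$f" ]; then
                echo "MISSING  $d/$f"
                rc=1
            elif [ "$(file_hash "$d/$f")" != "$want" ]; then
                echo "MISMATCH $d/$f"
                rc=1
            else
                echo "OK       $d/$f"
            fi
        done
    done
    return $rc
}
```

A matching hash only shows the copy is identical to the cell-level file; the 15-year validity itself is still confirmed in the admin console as described in step 3.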