WFA - Replace the SSL Certificate

In WFA you probably use https, and if you are a good sysadmin, you replace the SSL certificate.

I took me quite some time to replace my certificate with my "wildcard certificate" I use in my lab-environment.

Here is how I did it.





First : make sure you have your certificate with private key in pkcs12 format (password protected) Typically this is a "p12" extension.

You can do this with openssl :

openssl pkcs12 -export -out certificate.p12 -inkey privateKey.pem -in certificate.pem -certfile CACert.pem

you will be prompted for a password (you will need it later)

Ps : PEM is that typically BASE64 format you can visualize with notepad (starting and ending with the dashes)

Goto : C:\Program Files\NetApp\WFA\jboss\standalone\configuration\keystore\

Delete wfa.keystore

Goto :  C:\Program Files\NetApp\WFA\Jre\bin (or other java bin path that works)

With keytool, list your private key file "p12" or "pks" or something (pwd protected)

Keytool -v -list -keystore "your private key file" -storetype pkcs12

Write down the alias of your private key

Then convert your private key file to the store file

keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore "C:\Program Files\NetApp\WFA\jboss\standalone\configuration\keystore\wfa.keystore" -srckeystore "yourprivfile.pfx" -srcstoretype PKCS12 -srcstorepass Netapp12 -alias %alias%

changeit = is the default password of wfa store.
Netapp12 = is my example password of my private key file


That's it.