topic Re: WFA is configured for HTTPS - How do I replace the supplied cert with a real one? in Active IQ Unified Manager Discussions

WFA is configured for HTTPS - How do I replace the supplied cert with a real one?

SCOTT_LINDLEY — Thu, 05 Jun 2025 06:05:10 GMT

I have followed the directions for configuring WFA to respond only to HTTPS requests for the Web GUI. Now I need to replace the wacky certificate that comes with the WFA install with a real one. I will need to know how to generate the CSR against the WFA server, then how to install the resulting certificate on it. Much to my surprise, I cannot find any relevant documentation for such a process on any of the NetApp WFA sites or documentation. Please advise.

Scott Lindley

Re: WFA is configured for HTTPS - How do I replace the supplied cert with a real one?

sinhaa — Sat, 13 Apr 2013 07:55:55 GMT

Hello Scott,

Your inconvenience is a valid concern.While the WFA team looks more into it, You can try the directions given in this doc. http://docs.jboss.org/jbossweb/latest/ssl-howto.html or http://www.freebsdhowtos.com/117.html

I googled it just now. I'm trying it myself to see if it works.

warm regards,

Abhishek

Re: WFA is configured for HTTPS - How do I replace the supplied cert with a real one?

sinhaa — Mon, 15 Apr 2013 07:48:39 GMT

Scott,

You need to create a new keystore for the wfa server:

New keystore:

Goto: C:\Program Files\NetApp\WFA\jboss\standalone\configuration\ and remove/rename the wfa.keystore file

cd to C:\Program Files\NetApp\WFA\jre\bin

keytool -genkey -alias "ssl keystore" -keyalg RSA -keystore "C:\Program Files\NetApp\WFA\jboss\standalone\configuration\wfa.keystore" -validity 3650

When prompted with Keystore password, give "changeit" { without quotes }

In you first and last name, provide your wfa server FQDN or hostname.

C:\Program Files\NetApp\WFA\jre\bin>keytool -genkey -alias "ssl keystore" -keyalg RSA -keystore "C:\

Program Files\NetApp\WFA\jboss\standalone\configuration\wfa.keystore" -validity 3650

Enter keystore password:

Re-enter new password:

What is your first and last name?

[Unknown]: mei-2k8r2se64-1

What is the name of your organizational unit?

...

....

Your new wfa.keystore is ready.

You can create CSR in the following way:

1. cd C:\NetApp\WFA\jre\bin

2. keytool -certreq -keystore C:\NetApp\WFA\jboss\standalone\configuration\wfa.keystore -alias "ssl keystore" -file C:\filename.csr

3. It will prompt for the password for the keystore, use "changeit"

4. Open the file C:\filename.csr , It has your required CSR which can be sent to your CA to obtain the certificate.

5. Once you download the certificate you can import it in many ways. Double click and follow there after.

Install the certificate into "Trusted Root Certificate Authorities".

Restart WFA service.

This should be done now.

Re: WFA is configured for HTTPS - How do I replace the supplied cert with a real one?

sinhaa — Mon, 15 Apr 2013 11:34:00 GMT

If you don't want to use the default keystore password, you need to update this new password in your file standalone-full.xml in folder WFA\jboss\standalone\configuration

Re: WFA is configured for HTTPS - How do I replace the supplied cert with a real one?

SCOTT_LINDLEY — Fri, 22 Nov 2013 21:21:22 GMT

Thanks! Between your excellent writeup and the links from above, I managed to get WFA properly configured. I hope this is properly covered in the GA version of WFA.