The following previously answered thread may help you.
The jboss we ship is SSL enabled with a self signed cert out of the box. On OCI 7.0.x, we no longer ship Apache, and instead use Jboss to front-end the Cognos components. Theoretically, this procedure should work to replace the self signed SSL certs on each OCI operational server as well as DWH.
The Jboss certs/keys are stored in the java keystore. The password is changeit.
Contains the keystore – backup this file, and at any point, you can safely revert to your original keystore by reverting to your backup, and restarting the “SANscreen Server” service, along with all acquisition units.
Oracle ships a keytool with Java. It should be in your ..\java\bin folder
First, understand what is in the keystore by doing a verbose list
The c:\localhost.csr file is the certificate request. Submit it to your CA. Once it is approved, you want the cert returned to you in DER format. This may may or may not be a .der extension. Microsoft CA services defaults to a .cer extension.
You will be prompted for the keystore password, and you should receive:
Certificate reply was installed in keystore
At this point, if you restart the “SANscreen Server” service, you should find that it is using the CA signed certs. Your web browser should no longer throw certificate errors because the signer of the certs is not trusted
The provided steps are not in the current documentation. I have submitted the information provided to have in productized in our documentation. For clarity purposes, did you determine what the problem was?