Switch to the Certificate tab in the information/working area. All users have access to the certificate information. However, only users who are member of a group, to which the role ADMIN has been assigned, can create a new certificate.
Figure: Bridge Certificate
The certificate tab shows the details of the currently used self-signed certificate of the Bridge.
Renewing the Self-signed Certificate
If the certificate has expired (see Valid Not After), administrators can create a new certificate by clicking Create New Certificate. The Bridge will generate a new certificate without any further confirmation. To enable the new certificate, you have to restart the Bridge. The new certificate will be valid for another 1025 days.
Make sure that you are updating your certificate if it still uses MD5 algorithm (which is deprecated as insecure). If you are updating your Bridge from a version that is still accepting MD5 certificates to a newer version, you may get locked out of your Bridge installation.
Newer Bridge versions will create self-signed certificates using SHA256.
Installing a Purchased Server Certificate
Prerequisites
To create a new Tomcat keystore and to import the purchased certificate to it, you need a machine with a Java Development Kit (JDK) installed. This does not necessarily have to be the machine the Bridge is running on.
The certificate must be available as PKCS12 file (.p12), containing the certificate as well as the intermediate and private keys. If you have already installed the certificate for your proxy services, you can just export the installed certificate as described in Importing and Exporting Proxy Server Certificates.
Creating a New keystore
Import the certificate into a new Tomcat keystore called tomcat.keystore. The keystore password has to be changeit.
<path to your JDK>/jdk1.7.0_80/bin/keytool -importkeystore -srckeystore <filename of the certificate>.p12 -srcstoretype pkcs12 -srcstorepass <password of the certificate file> -destkeystore tomcat.keystore -deststoretype jks -deststorepass changeit
Execute this command in the same folder the certificate file resides in. The output of the command should look like: