Replacing an expiring server certificate file (server certificate and private key, stored in jks or p12/pfx) for the TIBCO Spotfire Server

Replacing an expiring server certificate file (server certificate and private key, stored in jks or p12/pfx) for the TIBCO Spotfire Server

If you have configured HTTPS on the TIBCO Spotfire Server and the existing server certificate is expiring, then follow the steps mentioned in the resolution to replace the expiring server certificate with a new one. Here are the steps to replace a server certificate which is expiring:

1. Obtain a new server certificate and private key, stored in a Java keystore (JKS) or PKCS #12 keystore (P12/PFX).
2. Stop the TIBCO Spotfire Server.
3. Copy the keystore file to <server installation dir>/tomcat/certs folder. We suggest using the server's hostname as keystore filename.
4. Open <server installation dir>/tomcat/conf/server.xml file in edit mode and locate the section containing the configuration template for an HTTPS connector.
5. According to the new server certificate, make the appropriate changes for the settings certificateKeystoreFile, certificateKeystorePassword, certificateKeystoreType and certificateKeyAlias in the server.xml and save the file. (Copy the certificate name from tomcat/certs folder and paste it in certificateKeystoreFile setting of "server.xml")
6. Start the TIBCO Spotfire Server
7. Launch a browser and try to login to Spotfire web (with HTTPS) which would be successful.

For more details, refer to the below attached document listing similar steps in detail.
  Doc: Configuring HTTPS

• https://docs.tibco.com/pub/spotfire_server/7.11.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-58E436B3-A057-431C-B65C-92FCE34AB224.html