IBM DataPower Operations Dashboard v1.0.21.x

Replacing Certificates of the Store

The system encrypts the communication between the Store nodes with self-signed certificates generated during the installation.

Use the following procedure to replace these certificates.

  1. Make sure you have the following files in PEM format, named exactly as listed below:

    1. CA certificate - custom-es-ca-cert.pem. If there are several CA certificates (root CA and intermediate CAs), the PEM file should contain all of them concatenated (one after the other).

    2. New Store certificate - dpod-es-server-cert.pem

    3. New Store certificate key - dpod-es-server-key.pem

  2. Stop all the application services using app-util.sh (In a Cell Environment, stop the cell manager as well as all the cell members).

  3. Configure DPOD (In a Cell Environment, configure the cell manager as well as all the cell members):

    1. Log in to DPOD's server using SSH.

    2. Create a new custom keys directory:

      mkdir -p /app/keys/store/custom

    3. Copy the PEM files to this directory, so that it contains:

      ls /app/keys/store/custom
      custom-es-ca-cert.pem  dpod-es-server-cert.pem  dpod-es-server-key.pem

    4. Create the CA certificate bundle:

      cat /app/keys/store/dpod-es-ca-cert.pem /app/keys/store/custom/custom-es-ca-cert.pem > /app/keys/store/custom/dpod-es-ca-cert.pem

    5. Deploy the files to the Store server nodes:

    6. Configure the Store server nodes with the new DN:

  4. Start all the application services using app-util.sh (In a Cell Environment, start the cell manager and all the cell members).
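A pre-flight check for the three PEM files, worth running before the services are stopped in step 2, so that a wrong CA chain or a mismatched key is caught while the Store is still up. This is an added example, not part of the DPOD documentation or tooling. The function names `check_store_certs` and `make_sample_certs`, the 30-day expiry threshold and the availability of the `openssl` CLI are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of DPOD. Assumes the openssl CLI is installed.

# Pre-flight check of the directory prepared in steps 3.2 and 3.3.
check_store_certs() {
    local dir="$1" f cert_pub key_pub
    local ca="$dir/custom-es-ca-cert.pem"
    local crt="$dir/dpod-es-server-cert.pem"
    local key="$dir/dpod-es-server-key.pem"
    # The procedure requires these exact file names.
    for f in "$ca" "$crt" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    # The CA file must hold the whole chain (root plus any intermediates),
    # otherwise the server certificate does not verify against it.
    echo "CA certificates found: $(grep -c 'BEGIN CERTIFICATE' "$ca")"
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "server certificate does not verify against $ca" >&2; return 2; }
    # Certificate and key must be a pair: compare their public keys.
    # "-passin pass:" stops openssl prompting if the key is encrypted.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "cannot read $key (encrypted or not a PEM key)" >&2; return 3; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match server certificate" >&2; return 3; }
    # Assumed threshold: reject a certificate expiring within 30 days.
    openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null ||
        { echo "server certificate expires within 30 days" >&2; return 4; }
    echo "OK: $dir"
}

# Constructed sample data: a throwaway CA and server certificate.
make_sample_certs() {
    local dir="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=Sample CA" \
        -keyout "$dir/ca-key.pem" -out "$dir/custom-es-ca-cert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sample-store-node" \
        -keyout "$dir/dpod-es-server-key.pem" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -in "$dir/server.csr" -days 90 -CAcreateserial \
        -CA "$dir/custom-es-ca-cert.pem" -CAkey "$dir/ca-key.pem" \
        -out "$dir/dpod-es-server-cert.pem" 2>/dev/null
}

# Demo on the constructed data; on a DPOD server run
# check_store_certs /app/keys/store/custom instead.
demo=$(mktemp -d) && make_sample_certs "$demo" && check_store_certs "$demo"
rm -rf "$demo"
```

A non-zero return code identifies the failed check: 1 for a missing file, 2 for a chain failure, 3 for a key problem, 4 for expiry.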

 

Copyright © 2015 MonTier Software (2015) Ltd.