Hi Kirupakaran
https://docops.ca.com/ca-identity-suite/14-2/en/virtual-appliance/administering-virtual-appliance
The embedded httpd service is using the standard JDK keystore, cacerts, and the permissions have been open for this keystore file to replace any CA certs or server certs.
Administering Virtual Appliance - CA Identity Suite - 14.2 - CA Technologies Documentation
keytool -list -v -keystore /opt/CA/jdk1.8.0_71/jre/lib/security/cacerts -store-pass changeit
keytool -printcert -v -file /opt/CA/VirtualAppliance/custom/apache-ssl-certificates/localhost.crt
ls -lart /opt/CA/VirtualAppliance/custom/apache-ssl-certificates
ls -lart /opt/CA/jdk1.8.0_71/jre/lib/security/cacerts
See permission for the "config" userID.
Note: The Wildfly certs will use different keystore(s).
See if the links below are useful, if you plan to use external load balancers:
Steps to update the server cert for Wildfly for TCP 8443
Administering Virtual Appliance - CA Identity Suite - 14.2 - CA Technologies Documentation
Cheers,
A.