When the GRIA client receives a response message from a service, it looks at the Common Name (CN) of the X.509 certificate that signed the message. The CN must match the Fully Qualified Domain Name (FQDN) of the server to which the message was sent. If not, you will get this error message:

Message sent to 'newname.com', but reply signed by certificate with common name 'oldname.com'

Therefore, you need to get a new certificate for your server. The easiest way to do this is to create a new keystore, as you did when first installing the service:

1. Go to the Admin page for the services.
2. Click on Keystore setup.
3. Set the Host name to the new server's name (e.g. "newname.com").
4. Click on Generate keystore.
5. Get a signed certificate from your Certificate Authority (CA), as before.
6. Upload the keystore with the signed certificate using the form at the bottom of the page.
7. If tomcat is configured to use a separate copy of the keystore for transport layer security (HTTPS), then change tomcat's keystore too.
8. Return to the main Admin page.

Message sent to 'oldname.com', but reply signed by certificate with common name 'newname.com'

We need to tell the service about its new name:

1. Click on Endpoints configuration.
2. Update the host name in the address.
3. Return to the Admin page.

1. Click on Access control at the top of the page.
2. Select the http://www.it-innovation.soton.ac.uk/grid/resource/group resource type.
3. Check the access control rules for each group, updating the service name where necessary.

• management-services says which management services (such as the SLA service) can manage a functional service (such as the data service). So, if you change the name of the SLA service then all functional services must have this group updated so that the SLA service can still collect usage reports. You must also add the new service to the data service's list of management services.
• sla-managed-services says which services can use the SLA service to manage their resources. If you rename a functional service (such as the data service), then you must update this group in the SLA service.
• account-billing-services says which services can bill using the account service. Normally, this is just the SLA service. Update it if the SLA service is renamed.