How to renew Secure Proxy certificates
search cancel

How to renew Secure Proxy certificates

book

Article ID: 178675

calendar_today

Updated On:

Products

Mobility Suite

Issue/Introduction

 

Resolution

How to replace an expiring Secure Proxy certificate

1.       From the Mobility Admin Console > Settings > Proxies page; find the cluster with the expiring SSL certificate, under Action click Edit Cluster.

2.       Scroll down to the end of the page and remove the expiring or expired SSL certificate by clicking the X symbol.

3.       Browse to the new PKSC7 certificate file and click Open.

4.       Enter the password for the file and click Upload.

5.       Finally, click Save. The new SSL certificate will be installed onto every proxy inside the cluster within two minutes.

Versions prior to 5.3 App Proxy and prior to 5.0 Email Proxy certificate replacement procedure

Note:  This article applies to App Proxies used by Symantec Mobility 4.4 – 5.2.2

1.       From the Mobility Admin Console > Settings > App Proxy click Edit.

2.       Scroll down to the bottom of the page, select Create new, and press Save.

Note: If replacing the certificate on a version of email proxy prior to version 5.0, then select Upload and browse to the new PKCS7 certificate.

3.       When prompted to download the configuration click Download Now:

4.       Enter a secure passphrase to encrypt this configuration file:

5.       Follow HOWTO110248 to transfer the configuration file to each Secure App Proxy front-end.

Tip: Copy or write down the path to the JSON configuration file, because pressing the tab key does not function in Step 8.

6.       Mount the App Proxy .iso file as the root user:
# mount -o loop proxyisoname.iso /mnt/iso
# cd /mnt/iso
# ./configure.sh security

Note: Consider keeping the old SSL certificates for archival purposes. From a separate terminal window, run: # cp /usr/local/nginx/certs/* /root/ to transfer the old certs to the root user's home directory. If the method mentioned above does not work, an alternative option for certificate renewal is a re-installation of Secure Proxy. This will also invoke the import of a JSON configuration file. Use ./setup.sh uninstall and ./setup.sh install to re-install the proxy and its settings minding the prompts throughout the process. When there is a prompt to preserve logs, press y.

7.       When prompted to install the configuration package press Y:

8.       Input the path for the JSON configuration file and press the Enter key:

9.       Type the password from Step 4.

10.   When prompted to keep the old SSL certificates used by the proxy, select N:

11.   The new certificates will now be installed on the proxy:

Powered by Wolken Software