SSL Certificate reports Expired on NCM Web console when trying to access

Article ID: 315719

Products

VMware Smart Assurance

Issue/Introduction

This process allows an administrator with root access to the NCM instance hosts to implement a new, self-signed certificate valid for ten (10) years from the date the process is completed.


Symptoms:

• Browser errors reaching the NCM launch page indicating the security certificate has expired

• Job processing fails due to communication failures between the Application Server and Device Servers


Environment

VMware Smart Assurance - NCM

Cause

The initial self-signed certificate that NCM creates at install time, when no CA-signed certificate is implemented, has a validity window that expires ten (10) years from the date of installation.

Resolution

Application Server

1. Log into a Linux Shell on the Application Server under an account with root privileges.

2. Set NCM related shell session variables by running the following command:

   source /etc/voyence.conf


3. Relocate the Application Server's existing self Certificate Authority directory to a safe path outside of NCM by running the following command (where the {Backup Path} placeholder, including curly braces, is replaced by the full path outside of NCM you have selected as the target directory to store the backup):

   mv $VOYENCE_HOME/bin/demoCA {Backup Path}


4. Navigate to the NCM binary utilities path by running the following command:

   cd $VOYENCE_HOME/bin/


5. Run the following utilities in the order specified to recreate the NCM Application Server self CA signed SSL certificate and insert a copy into a new bundle.p12 file that can be distributed to the Device Servers (where the {Certificate Password} placeholder, including curly braces, is replaced by a simple, arbitrary password of your choosing):

   sh CA.sh -newca
   sh makekeys.sh
   perl exportcertsintopkcs.pl {Certificate Password}


6. Restart NCM services on the Application Server host by running the following command:

   service vcmaster restart

  

Device Server (repeat steps on each DS host):

1. Place a copy of the Application Server's newly created $VOYENCE_HOME/conf/bundle.p12 file onto each Device Server (and Report Advisor if present) host in the instance.

2. Log into a Linux Shell on the Device Server under an account with root privileges.

3. Set NCM related shell session variables by running the following command:

   source /etc/voyence.conf


4. Navigate to the path where the newly created bundle.p12 file was placed, then move it into the appropriate path, overwriting the existing bundle if required, by running the following command:

   rsync --inplace bundle.p12 $VOYENCE_HOME/conf/bundle.p12


   If the rsync command is not available on the host, the following commands can be run instead:

   chown --reference=$VOYENCE_HOME/conf/bundle.p12 bundle.p12
   chmod --reference=$VOYENCE_HOME/conf/bundle.p12 bundle.p12
   cp -p bundle.p12 $VOYENCE_HOME/conf/bundle.p12


5. Import the certificate from the bundle.p12 file into the Device Server trust store by running the following command (where the {Certificate Password} placeholder, including curly braces, is replaced by the password selected in Step 5 of the Application Server section above):

   perl $VOYENCE_HOME/bin/importcertsintods.pl {Certificate Password} $VOYENCE_HOME/conf/bundle.p12


6. Restart NCM services on the Device Server host by running the following command:

   service vcmaster restart
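
To confirm that the regenerated bundle.p12 carries the new certificate and that every Device Server received the same one as the Application Server, the following helper functions can be used. This is an added example, not part of the original article or of NCM; it assumes the openssl command-line tool is present on the hosts, and the function names and the P12_PASS environment variable are hypothetical.

```shell
#!/bin/sh
# Added example (not an NCM utility): inspect the certificate in a PKCS#12 bundle.
# Assumption: the bundle password is exported as P12_PASS (hypothetical name) so
# that it is not passed as a command-line argument visible in the process list.

# Print the first certificate found in the bundle as PEM; non-zero on failure
# (wrong password, unreadable file, no certificate).
p12_cert() {
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        openssl x509 2>/dev/null
}

# Expiry date (notAfter) of that certificate.
p12_enddate() {
    p12_cert "$1" | openssl x509 -noout -enddate | cut -d= -f2
}

# SHA-256 fingerprint; identical on the Application Server and every Device
# Server when the same bundle has been distributed.
p12_fingerprint() {
    p12_cert "$1" | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Return 0 if the certificate stays valid for at least $2 more days,
# 1 if it expires sooner, 2 if the bundle could not be read.
p12_valid_for_days() {
    _pem=$(p12_cert "$1") || return 2
    printf '%s\n' "$_pem" |
        openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Human-readable summary to compare across hosts.
p12_report() {
    p12_cert "$1" >/dev/null || { echo "cannot read $1" >&2; return 2; }
    echo "notAfter:    $(p12_enddate "$1")"
    echo "SHA-256 fp:  $(p12_fingerprint "$1")"
}
```

After exporting P12_PASS, run `p12_report $VOYENCE_HOME/conf/bundle.p12` on the Application Server and on each Device Server; the fingerprints should match and the notAfter date should fall roughly ten years after the regeneration.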