After upgrading to hub version 23.4.7 the tunnel will not start

Article ID: 438501

Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

I have a secondary hub that is a tunnel server. After upgrading that hub, the tunnel server would not start. I downgraded to 23.4.4 and the tunnel starts. I am still having issues getting the tunnel working again, but this is not helping. I know that I need new certs to get the tunnel connecting on both sides, but it doesn't make sense that 23.4.7 will not even allow the tunnel to start. I hit the Start button and it does nothing.

Environment

  • Upgraded from 23.4.6 to 23.4.7

Cause

  • Changes to SHA algorithm in CU7

Resolution

Approach: Delete all evidence of tunnels (server and client) and start fresh, as described below:

  1. Log in first, then select the CU6 links and download the hub and robot 23.4.6. You may have to click the link again after logging in.

     DX UIM Cumulative Updates and Patches

  2. Back up the hub cfg files, e.g., to hub.cfg-old.

  3. IMPORTANT - You MUST downgrade the hubs to 23.4.6 (e.g., use a local IM pointed at the local hubs and downgrade them on both sides).

  4. In the "Tunnel" tab of the hub GUI on the tunnel server, first delete any certs issued by the tunnel server, then uncheck the "Active" box to turn off the tunnel server.

  5. Edit hub.cfg and remove the <server> and <CA> sections from under <tunnel>.

  6. Delete all contents of /hub/certs/.

  7. On the tunnel clients, delete the client connections, or remove the entries in hub.cfg under <tunnel> <clients>, delete any certs in hub/certs/, and restart those hubs as well.

  8. Then, on the tunnel server, click 'Active'. It should create a new CA without prompting you, because you deleted the old <CA> and <server> sections and all the certs.

  9. Now issue the new certs for the clients and set up the clients as if they were "brand new" hubs.

  10. Hub 23.4.6 will create all the certs with SHA384, so you do not need to apply the hotfix (23.4.7.1) and can upgrade directly to 23.4.7.
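
A pre-flight check for steps 5 to 7, run before clicking 'Active' in step 8. This is an added example, not Broadcom's code. It assumes hub.cfg uses `<name>` ... `</name>` section tags on their own lines with `key = value` entries between them. The function names and the sample config are constructed for illustration.

```python
import re
from pathlib import Path

TAG = re.compile(r"<(/?)([^<>]+)>")   # a line holding only a section tag

def leftover_tunnel_sections(cfg_text):
    """Return paths of tunnel sections that steps 5 and 7 say to remove."""
    stack, found = [], []
    for raw in cfg_text.splitlines():
        m = TAG.fullmatch(raw.strip())
        if not m:
            continue                      # "key = value" line, not a section tag
        name = m.group(2).strip()
        if m.group(1):                    # closing tag: leave the section
            if stack and stack[-1] == name:
                stack.pop()
            continue
        stack.append(name)
        path = [s.lower() for s in stack]
        # Step 5: <tunnel>/<server> and <tunnel>/<CA>; step 7: entries under <clients>
        if path in (["tunnel", "server"], ["tunnel", "ca"]) or (
                len(path) == 3 and path[:2] == ["tunnel", "clients"]):
            found.append("/".join(stack))
    return found

def leftover_certs(certs_dir):
    """Return names of files still present in the hub certs directory (step 6)."""
    d = Path(certs_dir)
    return sorted(p.name for p in d.iterdir() if p.is_file()) if d.is_dir() else []

# Constructed sample, not taken from a real hub; keys are placeholders.
SAMPLE_CFG = """\
<tunnel>
   <server>
      example_key = example_value
   </server>
   <CA>
      example_key = example_value
   </CA>
   <clients>
      <0>
         example_key = example_value
      </0>
   </clients>
</tunnel>
"""

if __name__ == "__main__":
    for item in leftover_tunnel_sections(SAMPLE_CFG):
        print("still present in hub.cfg:", item)
```

Both functions should return an empty list on every hub before the tunnel server is re-activated. Pass `leftover_certs` the hub's actual certs directory.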