App Control: How to Replace Server Certificate in Version 7.x and Higher

App Control: How to Replace Server Certificate in Version 7.x and Higher

Environment

  • App Control Server: 7.x and Higher
  • Microsoft Windows: All Versions

Objective

To replace the App Control Server certificate used for agent communication.

Resolution

  • If self-signed certificate is used, automatically create a new self-signed certificate with new expiration date.
On the App Control console:
  1. Go to Administration
  2. Click on System Configuration
  3. Click on Security tab
  4. Click Edit
  5. Make any necessary updates such as previous server names: App Control: Using the Subject Alternative Name Field When Generating a Certificate
  6. Click Generate
  • If using a CA issued certificate:
  1. Obtain a new unexpired CA issued certificate and apply it in the App Control Console
  2. Import the CA signed certificate at the bottom of the Security Tab page under the section "Import Server Certificate From PKCS12 File".

Additional Notes

  • Newly generated certificates can be found on the local certificate manager of the server
  • App Control uses an SSL certificate to verify agent to server communication.   This certificate is set (by default) to expire after two years, and needs to be regenerated.
  • The Edit button will be missing if Certificate Verification is enabled. Refer to Related Content if it needs to be disabled.
  • Please confirm there are no spaces in the "Department" field of the self-signed certificate, otherwise the new certificate will not generate and an error regarding the parameters will occur. The existing certificate will also be invalidated upon error.
  • If the clock is off on the App Control server when regenerated a GetSslError[32] error may be seen and the clock may need to be fixed and cert regenerated

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
100% helpful (2/2)
Article Information
Author:
Creation Date:
‎09-21-2018
Views:
4463
Contributors