You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

6.0.42.0 To renew an expired proxy certificate, go to the Certificate tab of the corresponding proxy node and click Create New Self-Signed Certificate.

Figure: New Self-signed Proxy Certificate

On this Page:

Related Pages:

A message 'Created new certificate. ... ' informs you, that the certificate has been created. The new self-signed certificate will be created without further request for confirmation - existing certificates (also ones signed by a certification company) are overwritten.

Restart the proxy to enable the new certificate.

Renewing a Certificate on older E2E Bridge Installations

  • Deprecated since Bridge 6.0.42.0

If your are using a newer E2E Bridge, you don't need to follow this procedure, but you can just renew the certificate with a mouse-click (see top of the page).

To renew an expired proxy certificate, repeat the following steps. As each proxy node has a unique name and a certificate, the procedure described below has to be repeated for each individual proxy node.

  1. Create an ssl configuration file.
  2. Backup your existing certificate.
  3. Stop the E2E proxy.
  4. Create a new certificate.
  5. Verify the expiration date of the certificate.
  6. Start the E2E proxy.

Create an SSL Configuration File

Paste the following configuration into an editor and replace <your proxy node> by your proxy node name.

[req] 
x509_extensions = req_ca 
distinguished_name = req_dn 
prompt = no 
[req_ca] 
subjectKeyIdentifier = hash 
authorityKeyIdentifier = keyid:always,issuer:always 
basicConstraints = CA:true 
[req_dn] 
O = Snake Oil 
CN = <your proxy node>

Save the file as openssl.conf to a directory of your choice.

Backup Your Existing Certificate

Backup your old proxy certificate as described in Exporting a Certificate.

Stop the E2E Proxy

Stop the proxy as described in Starting and Stopping the Proxy Service.

Create a new Certificate

Run the command mentioned below from the directory you saved the configuration file openssl.conf to. Adjust the directory paths to your installation. Replace <your proxy node> by your proxy node name.

c:\e2e_bridge_prog\bin\openssl-win32-x86.exe req -new -x509 -days 1025 -config openssl.conf -key c:\e2e_bridge_data\proxies\conf\<your proxy node>_key.pem -out c:\e2e_bridge_data\proxies\conf\<your proxy node>_cert.pem

If you are not using Windows, replace openssl-win32-x86.exe by one of the executables listed below.

PlatformOpenssl Executable
Linuxopenssl-linux-x86
Solaris x86openssl-solaris-x86
Windowsopenssl-win32-x86.exe

If the command returns without any output, everything is correct. The new certificate has been generated and already installed.

Verify the Expiration Date of the New Certificate

Inspect the certificate information as described in Managing Bridge Proxy Server Certificates and verify the expiration date "Valid Not After" of the certificate .

Start the E2E Proxy

Start the proxy as described in Starting and Stopping the Proxy Service.

  • No labels