Sidewinder Control Center: How to replace a Control Center CA certificate
- Article Number: 000015779
- Products: Sidewinder Control Center
- Version: 5.3
- Last Published Date: January 09, 2020
EnvironmentSidewinder Control Center 5.3.2
All Control Center certificate authority certificates (CA) will expire on or about December 26, 2019. The CA certificate expiration applies to all deployed Control Center Servers. The procedure described in this article describes how to generate a new Control Center CA certificate. We highly recommended that you run this procedure before December 26, 2019. Otherwise, all communication to the Control Center server will cease on or after that date.
Determine if the CA certificate needs to be updated
To show the contents of the current Control Center Certificate Authority and its validity dates, type the following command and press ENTER:
openssl x509 -text -in /usr/local/tomcat/JavaCA/cacert.pem
If the expiration date of the validity is far in the future, no further actions are needed.
If the expiration date is upcoming, create a new CA certificate for Control Center
Before you complete any steps in this Knowledge Base article, we recommend that you do the following to ensure that the process works correctly:
Important: If the Management Server is running with the High Availability (HA) option, use the High Availability Removal Wizard to stop HA. Perform the following steps on both the primary and secondary servers after HA has been stopped.
Important: You will continue to receive a pop-up about the CA certificate expiration even after creating a new CA certificate. Select the check box in the pop-up message to disable the notification. If you want to verify that a new CA certificate has been created, use the 'openssl' command as explained in the beginning of this article to check the validity dates of the new CA certificate.
For each firewall, do the following: