Description

This article describes how to create or renew the X.509 Certificates created by the instance for Edge Encryption Proxies.  

An example use case: you have been notified that the Edge Encryption Proxy certificates are about to expire and you want to renew them.

These certificates are in the System Definition -> Certificates module and are named as follows:

edge_cert_<proxy_name>|<proxy_guid>
and
sn_edge_instance_selfcert

For edge_cert_<proxy_name>|<proxy_guid> there is one certificate created for each Authenticated proxy.

There is only one sn_edge_instance_selfcert certificate.

Note that KB0787258 mentions that once those certificates expire, the instance should auto-renew them. If you want to renew them before they expire, follow this article.

Release or Environment

Any instance with Edge Encryption proxies on the Madrid release or above.

Resolution

(1) Shut down one of the proxies

(2) From the X.509 Certificates page delete these two certificates:

sn_edge_instance_selfcert
edge_cert_<name and guid of the proxy shutdown in step (1)>

(3) On the Edge Encryption Proxies page select the shutdown proxy -> right click in the top gray banner -> Export > XML (This Record) -> save to your desktop

(4) Edit the downloaded XML file from (3) and change line 3 from this:

<sys_encryption_proxy action="INSERT_OR_UPDATE">

to this:

<sys_encryption_proxy action="DELETE">

Save the change

(5) On the Edge Encryption Proxies page right click in the list view columns and select Import XML -> select the edited XML file from (4) -> Upload - the proxy should be deleted

(6) On the stopped proxy machine delete all of the files in <proxy_installation_directory>/cache/*

(7) Start the proxy; it should show up on the instance again as Unauthenticated -> select that proxy and select Authenticate. This will create new certificates with new expiration dates of 182 days:

sn_edge_instance_selfcert
edge_cert_<name and guid of the proxy shutdown in step (1)>

(8) Shut down another, different proxy

(9) From the X.509 Certificates page delete this one certificate:

edge_cert_<name and guid of the proxy shutdown in step (8)>

(10) On the Edge Encryption Proxies page select the shutdown proxy -> right click in the top gray banner -> Export > XML (This Record) -> save to your desktop

(11) Edit the downloaded XML file from (10) and change line 3 from this:

<sys_encryption_proxy action="INSERT_OR_UPDATE">

to this:

<sys_encryption_proxy action="DELETE">

Save the change

(12) On the Edge Encryption Proxies page right click in the list view columns and select Import XML -> select the edited XML file from (11) -> Upload - the proxy should be deleted

(13) On the stopped proxy machine delete all of the files in <proxy_installation_directory>/cache/*

(14) Start the proxy; it should show up on the instance again as Unauthenticated -> select that proxy and select Authenticate. This will create a new certificate with a new expiration date of 182 days:

edge_cert_<name and guid of the proxy shutdown in step (8)>

(15) Repeat steps (8) through (14) until all proxies have new edge_cert_<name and guid of the proxy> certificates
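
The XML edit in steps (4) and (11), as an added example that is not part of the original article: a Python helper that only produces the DELETE file when the export holds exactly one sys_encryption_proxy record, so a list export or the wrong table is never imported as a delete. The sample export, its field values, the script name and the optional expected_sys_id check are constructed assumptions.

```python
import sys
import xml.etree.ElementTree as ET

OLD_TAG = '<sys_encryption_proxy action="INSERT_OR_UPDATE">'
NEW_TAG = '<sys_encryption_proxy action="DELETE">'

# Constructed sample of an "Export > XML (This Record)" file; all values are made up.
SAMPLE_EXPORT = """<?xml version="1.0" encoding="UTF-8"?>
<unload unload_date="2020-02-20 06:00:00">
<sys_encryption_proxy action="INSERT_OR_UPDATE">
<name>proxy-example-01</name>
<sys_id>0123456789abcdef0123456789abcdef</sys_id>
</sys_encryption_proxy>
</unload>
"""


def mark_proxy_for_delete(xml_text, expected_sys_id=None):
    """Return xml_text with the single proxy record's action changed to DELETE."""
    root = ET.fromstring(xml_text.encode("utf-8"))  # ParseError if the file is malformed
    records = list(root)
    # A list export or another table would delete more than the one stopped proxy.
    if len(records) != 1 or records[0].tag != "sys_encryption_proxy":
        raise ValueError("expected exactly one sys_encryption_proxy record")
    if records[0].get("action") != "INSERT_OR_UPDATE":
        raise ValueError("record action is not INSERT_OR_UPDATE")
    # Optional guard (assumption: the operator noted the stopped proxy's sys_id).
    if expected_sys_id is not None:
        found = (records[0].findtext("sys_id") or "").strip()
        if found != expected_sys_id:
            raise ValueError("sys_id does not match the proxy that was shut down")
    # Replace the tag textually so every other byte of the export is unchanged.
    if xml_text.count(OLD_TAG) != 1:
        raise ValueError("opening tag not present exactly once in the expected form")
    return xml_text.replace(OLD_TAG, NEW_TAG, 1)


if __name__ == "__main__":
    # Usage: python mark_delete.py exported.xml [expected_sys_id]
    src = sys.argv[1]
    wanted = sys.argv[2] if len(sys.argv) > 2 else None
    with open(src, encoding="utf-8") as fh:
        edited = mark_proxy_for_delete(fh.read(), wanted)
    with open(src + ".delete.xml", "w", encoding="utf-8") as fh:
        fh.write(edited)
    print("wrote", src + ".delete.xml")
```

The original export is left untouched and the edited copy is written beside it, so the file to upload in steps (5) and (12) is the one ending in .delete.xml.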

Article Information

Last Updated: 2020-02-20 06:07:16
Published: 2020-02-20