on 10-14-2015 10:51 PM
Hello guys,
SSL PI single stack server certificate expired. We followed step by step guide to configure the new certificate by:
1) Deleted the old crt from SSL Service
2) Created the new crt with CN "HOSTNAME OF WEB DISPATCHER"
3) Generated the CSR request
4) Imported the CSR response
5) Exported the keystore view from ICM_SSL_<instance>_<port1> to PSE
6) Saved the SSL port configurations by restarting the ICM which resulted the ICM with green light and no errors.
7) Restarted the SSL Provider
😎 Even tried restarting the whole PI server.
However, when we tested the link HTTPS://HOSTNAME(webdispatcher):PORT1 it still refer the old certificate which is expired.
Qestion1 : Where does it get the old certificate from even through we have deleted from NWA configuration key storage?
When we tried accessing the node instead of web dispatcher server, we found the new certificate that we installed with the CN:"webdispatcher". Therefore, even this link would not work because the CN name is different.
Question2: How does the HTTPS://HOSTNAME(instance)server:PORT1 grabs the new certificate which was meant for the web dispatcher?
Thank you!
Simran
Hi Simran,
Do you have an old ICM_SSL_<INSTANCE> view in key storage that may be overriding the one that you have renewed the certificate in? Just check to see if the old certificate lives in that view and matches what you are getting in the browser. If so, you'll need to delete it from there and renew it in that view instead.
Regards,
Nick
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.