Applies only to SafeConsole OnPrem v4.x


The Problem


The SafeConsole SSL Certificate has expired, this due to the use of a public CA certificate or an internal CA with a short expire time. If the certificate has expired new SafeConsole Ready Devices will not be able to be added to the SafeConsole server.


Solution


Create a new SSL Certificate and import it to “Installed certificates” in the SafeConsole. Enable the Server Connection feature and choose the newly imported certificate as the replacement SSL Certificate. 


After all SafeConsole Ready Devices has been updated with the new certificate, the Server Connection feature can be disabled and the old SafeConsole SSL Certificate can be replaced with the new one.


Step By Step Walk-through


  1. Generate or acquire a new SSL Certificate with as PKCS#12 (.p12) and a .cer format (the public key).
  2. Log in to the SafeConsole as an administrator and import the new public key certificate (.cer) from “Installed certificates” menu option to the left.
  3. From the “Configuration overview”, open the “Server Connection” policy and change the “Redeploy to new server with certificate” to the new certificate.
  4. Make sure all users update their SafeConsole Ready Device with the new policy by using their device.
  5. Note: If you have many devices in your organization you might need to inform all the users that they need to insert and use their SafeConsole Ready Device to update the policy. Once you know that all devices are updated from the “Device overview”, you can proceed further on with the replacement of the SSL-certificate.
  6. Stop the SafeConsole service from the command prompt “net stop safeconsole”
  7. Open the program “SafeConsole Configurator” from the Windows Start-menu.
  8. Go though the steps until you come to step 3, choose “Import SSL certificate” and choose the new SSL-certificate (.p12).
  9. Finish the final step which will start up the SafeConsole server again.

 

The SafeConsole Ready Devices and the SafeConsole server are now reconfigured to use the new SSL-certificate.