Applies only to SafeConsole OnPrem v4.x

The Problem

The SafeConsole SSL Certificate has expired due to the use of a public CA certificate or an internal CA with a short expiry period. If the certificate has expired, new SafeConsole Ready Devices will not be able to be added to the SafeConsole server.


Create a new SSL Certificate and import it into the “Installed certificates” in the SafeConsole. Enable the Server Connection feature and choose the newly imported certificate as the replacement SSL Certificate. 

After all SafeConsole Ready Devices have been updated with the new certificate, the Server Connection feature can be disabled and the old SafeConsole SSL Certificate can be replaced with the new one.

Step By Step Walk-through

  1. Generate or acquire a new SSL Certificate with as PKCS#12 (.p12) and a .cer format (the public key).
  2. Log in to the SafeConsole as an administrator and import the new public key certificate (.cer) from “Installed certificates” menu option to the left.
  3. From the “Configuration overview”, open the “Server Connection” policy and change the “Redeploy to new server with certificate” to the new certificate.
  4. Make sure all users update their SafeConsole Ready Device with the new policy by using their device.
  5. Note: If you have many devices in your organization you might need to inform all the users that they need to insert and use their SafeConsole Ready Device to update the policy. Once you know that all devices are updated from the “Device overview”, you can proceed further with the replacement of the SSL-certificate.
  6. Stop the SafeConsole service from the command prompt “net stop safeconsole”
  7. Open the program “SafeConsole Configurator” from the Windows Start-menu.
  8. Go though the steps until you come to step 3, choose “Import SSL certificate” and choose the new SSL-certificate (.p12).
  9. Finish the final step which will start up the SafeConsole server again.


 The SafeConsole Ready Devices and the SafeConsole server are now reconfigured to use the new SSL-certificate.