My Tunnel server certificate is expiring within a few days.
I would like to check the steps to renew the certificate of the Tunnel server without causing connection issues for the multiple tunnel clients connected to this tunnel server.
Part of the certificate creation process is to provide the number of days before the cert expires. So, to renew, a cert will need to be re-created for the tunnel. This process is described with screenshots in the following techtip: https://support.ca.com/us/knowledge-base-articles.TEC1636935.html
After applying the new cert, you can remove the old cert and watch your queues to confirm that they continue to function properly.
Also refer to http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec000002642.html
I followed https://comm.support.ca.com/kb/how-to-setup-nimsoft-monitor-tunnels (KB000034262), which is your second link, tec000002642.
On the first step of renewal, "I - Setup CA (Certificate Authority)", when I performed this step all existing certs were auto-deleted and two new certs were created.
I didn't expect the old certs to be deleted after the restart.
I did not fully check on the status of the connected tunnel clients on the tunnel server I want to renew, as there is another tunnel set up on the failover hub connected.
Thanks for the information; it worked well in creating a new tunnel cert and I managed to follow it through.
Now only multiple hubs and robots showing (NO LICENSE) in the IM are left to solve.
If you have many to do, you can create the second certificate on the tunnel server and activate it. The tunnel server will happily run with the two certs active.
The next part assumes that you have some consistency to your tunnel clients: in this case, there's only one tunnel configured (identified in the <1> section), and you're creating the new tunnel in section <2>.
Create a hub.cfx file with:
<tunnel> overwrite
   <clients> overwrite
      <1> overwrite
         active = no
      </1>
      <2> overwrite
         active = yes
         host = YourTunnelServerIP
         port = YourTunnelServerPort
         heartbeat = 1801
         cert = certs/client2.pem
         password = YourHashedCertPassword
         check_cn = no
         description = YourTunnelServerDescription
         hub = YourTunnelServerHubName
         robot = YourTunnelServerRobotName
      </2>
   </clients>
</tunnel>
Put the cfx file into a hub update package.
Add a tab to the package before the hub.cfx tab and:
Add the new client cert file to the package with a path of "hub/certs".
Create a file called "serial.dat" and put a "3" in it (next cert number) and add to the package with a path of "hub/certs".
When you drop this package on a new client, it'll copy out the new cert, update the record keeping so you can add new certs later if necessary, add the new cert to your hub cfg file and restart your hub.
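The package above only behaves as described on hubs that match the single-tunnel layout the post assumes, so a pre-flight check of each client's hub.cfg is worth running first. The following is an added example, not part of the original post or the vendor's tooling; the sample hub.cfg is constructed, and its layout (numbered sections under `<tunnel>`/`<clients>`) is assumed to mirror the hub.cfx shown above.

```python
import re

# Constructed sample of a tunnel client's hub.cfg; all values are placeholders.
SAMPLE_HUB_CFG = """\
<tunnel>
   <clients>
      <1>
         active = yes
         host = 192.0.2.10
         cert = certs/client1.pem
      </1>
   </clients>
</tunnel>
"""

def parse_cfg(text):
    """Parse nested <section> ... </section> blocks of key = value lines."""
    root = {}
    stack = [root]
    for line in (raw.strip() for raw in text.splitlines()):
        opened = re.fullmatch(r"<([^/>][^>]*)>", line)
        if re.fullmatch(r"</[^>]+>", line):
            if len(stack) == 1:
                raise ValueError("closing tag without an open section")
            stack.pop()
        elif opened:
            stack.append(stack[-1].setdefault(opened.group(1), {}))
        elif "=" in line:
            key, _, value = line.partition("=")
            stack[-1][key.strip()] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed section")
    return root

def preflight(cfg_text, old_slot="1", new_slot="2"):
    """List reasons this hub does not match the one-tunnel layout assumed."""
    clients = parse_cfg(cfg_text).get("tunnel", {}).get("clients", {})
    slots = {k: v for k, v in clients.items() if isinstance(v, dict)}
    problems = []
    if old_slot not in slots:
        problems.append(f"no <{old_slot}> client section to deactivate")
    if new_slot in slots:
        cert = slots[new_slot].get("cert")
        problems.append(f"<{new_slot}> already exists: cert = {cert}")
    extra = sorted(set(slots) - {old_slot, new_slot})
    if extra:
        problems.append("unexpected client sections: " + ", ".join(extra))
    return problems

if __name__ == "__main__":
    print(preflight(SAMPLE_HUB_CFG) or "layout matches; package can be applied")
```

An empty result means the hub has exactly the `<1>` section the cfx deactivates and a free `<2>` slot; any other result is a hub to handle by hand rather than with the shared package.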
Thanks, will try to configure it as a custom package for recovery or new deployment.