Renewing an Expired SSL Certificate

This section describes the necessary steps for renewing an expired SSL certificate, either authorized or self-signed. This procedure is required when you are already using SSL Certificate to secure your communication, your current certificate has expired, and you want install a new certificate.

Note: You do NOT have to stop the Control Service during the renewal process.

To renew an expired SSL certificate

1. Obtain a new certificate, and install it on the machine where the Control Service is running.
2. To remove the old certificate binding, run the following command:

httpcfg.exe delete ssl -i 0.0.0.0:{CS SSL Port Number}

3. Note: The CS SSL Port Number parameter is the port number you entered during the Control Service installation. You can find it in the ws_man.exe.config file, under the "ws_port" value.
4. The command result should not return any error. The end of the message should be:

…completed with 0

3. To bind the new certificate to the Control Service SSL port, run the following command:

httpcfg.exe set ssl -i 0.0.0.0:{CS SSL Port Number} -h {New Certificate SslHash}

4. Notes:
   • The httpcfg.exe parameter is a standard utility for Windows Servers, and you can find it in the Control Service installation directory.
   • You can find the New Certificate SslHash parameter in the Certificate dialog, on the Details tab, under the Thumbprint value:
5. 
6. Remember to enter the Thumbprint value WITHOUT the spaces between the characters, like this: 8f40f9904372ccbd3706d72ed25d.

• The command result should not return any error. The end of the message should be:

…completed with 0.

• The SSL certificate is now renewed.