Renewing an Expired SSL Certificate

This section describes the necessary steps for renewing an expired SSL certificate, either authorized or self-signed. This procedure is required when you are already using SSL Certificate to secure your communication, your current certificate has expired, and you want install a new certificate.

Note: You do NOT have to stop the Control Service during the renewal process.

To renew an expired SSL certificate

Obtain a new certificate, and install it on the machine where the Control Service is running.
To remove the old certificate binding, run the following command:
```
httpcfg.exe delete ssl -i 0.0.0.0:{CS SSL Port Number} 
```
Note: The CS SSL Port Number parameter is the port number you entered during the Control Service installation. You can find it in the ws_man.exe.config file, under the "ws_port" value.

The command result should not return any error. The end of the message should be:
```
…completed with 0.
```
To bind the new certificate to the Control Service SSL port, run the following command:
```
httpcfg.exe set ssl -i 0.0.0.0:{CS SSL Port Number} -h {New Certificate SslHash}
```
Notes:
- The httpcfg.exe parameter is a standard utility for Windows Servers, and you can find it in the Control Service installation directory.
- You can find the New Certificate SslHash parameter in the Certificate dialog, on the Details tab, under the Thumbprint value:
  
  Remember to enter the Thumbprint value WITHOUT the spaces between the characters, like this: 8f40f9904372ccbd3706d72ed25d.
The command result should not return any error. The end of the message should be:
```
…completed with 0.
```
The SSL certificate is now renewed.