1 Reply Latest reply on Mar 12, 2013 11:17 AM by Dan_O

    How to reset/regenerate modular server SSL certificate?

    Zsolt M.

      Our modular server's (MFSYS25V2) SSL certificate was autogenerated, but I don't really know what exactly triggered it ... so I don't know how to trigger it again.


      The problem is that the certificate is self-signed and the certificate subject contains the IP address of the modular server's management interface.

      During the configuration we've assigned a hostname to the management interface and we access it using this hostname ever since.


      Both Internet Explorer and Google Chrome issue warnings if we access the management interface via the hostname. Importing the SSL certificate into IE's certificate store doesn't help, because the certificate was issued to the IP address of the server and not the hostname.


      Moreover the auto-generated certitificate is valid only for one year. It was generated on 10/30/2012 and will expire on 10/30/2013. What will happen to the certificate, when it expires? Is it going to be regenerated?


      Is there a way to make the modular server (re)generate this certificate for it's hostname?


      P.S.: I've seen that there was a question about modular server's SSL certificate before (in 2009). But that question was about applying custom/trusted SSL certificates to the management interface.

        • 1. Re: How to reset/regenerate modular server SSL certificate?

          I just tested this in my lab.  I changed the name, and the certificate was the same.  I set the time zone correctly (I had the default one at first), there was a new security exception, and I accepted the certificate.  I checked the details, and it was issued today.


          So the answer is; the modular server will generate a new certificate once a year, or when the timezone changes.


          If you changed just the name, and a new certificate was not generated, try going in and changing the time (forward or backward by a minute, to be non-disruptive), and let us know if a new certificate is generated, and can be added as an exception in the browser.