Renew external certificate for the Management Server

You must renew the external certificates for the Management server manually before it expires.

Before you begin

You must have the external Certificate Authority (CA) configured.
Note: This is the certificate authority that is used to sign certificate requests.

Steps

  1. Select Dashboard > Servers / Devices Dashboard.
  2. Browser to Management Server.
  3. Generate the certificate request by using one of the following ways:
    • From the context menu of the Management Server.
      1. Right-click the Management Server, then select Certificate > Renew Certificate.
      2. Click the Yes button, and then click the OK button. The certificate request is generated.
    • From the Management Server properties dialog-box:
      Note: Use this option if the existing settings in the Certificate Definition section need to be updated.
      1. Right-click the Management Server, then select Properties.
      2. Click the Certificate tab.
      3. Click the Renew Certificate button.
      4. Configure the settings in the Certificate Definition section.
      5. Click the Generate Certificate Request button, and then click the Yes button.
      6. Click the OK button. The Certificate Request section is displayed.
  4. Export the generated certificate request by using one of the following ways:
    • From the Management Server properties dialog-box:
      1. Right-click the Management Server, then select Properties.
      2. Click the Certificate tab.
      3. In the Certificate Request section, click the Export Certificate Request button.
      4. Navigate to the desired location and click the Export button, and then click the OK button.
    • From the context menu of the Management Server:
      1. Right-click the Management Server, then select Certificate > Export Certificate Request.
      2. Navigate to the desired location and click the Export button, and then click the OK button.
  5. Sign the exported certificate request by using the external Certificate Authority (CA).
  6. Import the signed certificate by using one of the following ways:
    • From the Management Servers properties dialog-box:
      1. Right-click the Management Server, then select Properties.
      2. Click the Certificate tab.
      3. In the Certificate Request section, click the Import Signed Certificate button.
      4. Select one of the following options:
        • The From File option:
          1. Select the From File radio button, and then click the Browse button.
          2. Navigate the location where the signed certificate is saved.
          3. Select the signed certificate file, and then click the Import button.
          4. Click the OK button.
        • The As Text option:
          1. Select the As Text radio button.
          2. Paste the certificate details.
          3. Click the OK button.
    • From the context menu of the Management Server:
      1. Right-click the Management, then select Certificate > Import Certificate.
      2. Select one of the following options:
        • The From File option:
          1. Select the From File radio button, and then click the Browse button.
          2. Navigate to the location where the signed certificate is saved.
          3. Select the signed certificate file, and then click the Import button.
          4. Click the OK button.
        • The As Text option:
          1. Select the As Text radio button.
          2. Paste the certificate details.
          3. Click the OK button.
  7. Stop the Management Server.
  8. Execute the following script with the option mode=ext-pki-renew:
    sgCertifyMgtSrv
  9. Restart the Management Server.
  10. Verify the expiration date of the renewed certificate. For more details, refer to the Check the expiration date of the certificate topic.