What is the procedure for renewing the expired Digital Certificate?
Article ID: KB0086700
Updated On:
| Products | Versions |
|---|---|
| TIBCO BusinessConnect | - |
| Not Applicable | - |
Description
Resolution:
1.You would need to generate new CSR.
It is technically possible to use the same CSR to request your CA to renew your certificate but it is recommended by companies like VeriSign to generate a new CSR from security standpoint because that will reduce the possibility of old keys getting into wrong hands...
2. We recommend that you don't use BC toolkit because there are a number of bugs that can prevent you from completing the certificate chain. You could use open source free tool like OpenSSL (www.openssl.org) for the same purpose.
3. Whether or not a new CSR is created or if old CSR is used, Both you and your TPs have to upload renewed certificates.
At your end, you can upload the p12 file under Trading Host-Key Identity and select the new key file under "Server settings->Partner to Host transports->"Host identity for server" .
If you have DMZ, you have to re-create and re-deploy DMZ server.
Once you select the new key under server settings, the new chain will be presented to your TP's when they contact your server.
So essentially, once your server is configured to present new certificate chain, then TP's also have to start trusting the new chain.
1.You would need to generate new CSR.
It is technically possible to use the same CSR to request your CA to renew your certificate but it is recommended by companies like VeriSign to generate a new CSR from security standpoint because that will reduce the possibility of old keys getting into wrong hands...
2. We recommend that you don't use BC toolkit because there are a number of bugs that can prevent you from completing the certificate chain. You could use open source free tool like OpenSSL (www.openssl.org) for the same purpose.
3. Whether or not a new CSR is created or if old CSR is used, Both you and your TPs have to upload renewed certificates.
At your end, you can upload the p12 file under Trading Host-Key Identity and select the new key file under "Server settings->Partner to Host transports->"Host identity for server" .
If you have DMZ, you have to re-create and re-deploy DMZ server.
Once you select the new key under server settings, the new chain will be presented to your TP's when they contact your server.
So essentially, once your server is configured to present new certificate chain, then TP's also have to start trusting the new chain.
Issue/Introduction
What is the procedure for renewing the expired Digital Certificate?
Feedback
Yes
No
Powered by
