APP: How Do I change a test ssl certificate to a signed certificate provided by an Certificate Authority?

What This Article Is About

If you have set-up Anveo the first time, you might have used a temporary, self-signed certificate for your test environment. This is a good choice for test environments, because it is not required to buy a signed certificate from a Certificate Authority (CA). However, this self-created certificate cannot be used for live systems, because identity cannot be tested upon first login.
Anveo Mobile App does not allow a change from a self-signed (= untrusted) to another self-signed certificate without deleting and re-initialization of local app databases.
A change to a trusted certificate (domain valid, from an official certificate authority and valid from-to dates) is allowed.

This article explains how to change your existing installation from a self-signed certificate to a signed certificate by an CA. If you set-up a new system with a signed certificate, please follow the steps in our installation manual.



  1. Request A Signed Certificate From A Certificate Authority
    First you need a pair of keys - a private and a public key. You can either genereate a Certificate Signing Request (CSR) on your server and send this CSR ro a Certificate Authority (CA) like The CA will prove your identity and sends a signed public key to you.
    Or your CA creates both keys for you directly and you simply have to import them.
    This should by done by your system administrator.

  2. Import Private And Public Key To Your Computer Account

    Add Certificate Snap-In:

    Import your certificate like described in our installation documentation.

  3. Open your certificate:

    Copy the Thumbprint of your certificate and paste it in your Anveo Server configuration file.

    Note: If you have used copy&paste to transfer the value, make sure there is no hidden character at the beginning or at the end of the thumbprint.

    <CustomerCertificate enabled="true" certificateThumbprint="DE21EE84F7626C7BCB83B08741B125DF6211A346" />

    Disable your SelfSigned Certificate:
    <CreateSelfSignCertificatePfx enabled="false" ...

  4. Restart Anveo Server.

  5. Now, the data channel (default port 7021) is still using the old certificate. Re-run https registration for data channel port.

    Delete your old registration first:
    netsh http del urlacl url=https://*:7021/
    netsh http del sslcert ipport= 

  6. Register new certificate for your data channel:
    Open folder Transfer\ANVEOServiceTierLog and (re-) run file ANVEOServiceTier.bat with Administrator rights.

    Note: Some devices require a restart of the device after chaning a certificate. This is caused by a certificate cache on the device.

It is not required to uninstall and reinstall Anveo Server for this procedure.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


  • Avatar
    Adam Swiniarski

    Can't locate the insertion point. Which file should I use?

    Disable your SelfSigned Certificate:

  • Avatar
    Gabor Banyai

    Could you please reload the photos in the walkthrough?