What This Article Is About
If you have set-up Anveo the first time, you might have used a temporary, self-signed certificate for your test environment. This is a good choice for test environments, because it is not required to buy a signed certificate from a Certificate Authority (CA). However, this self-created certificate cannot be used for live systems, because identity cannot be tested upon first login.
Anveo Mobile App does not allow a change from a self-signed (= untrusted) to another self-signed certificate without deleting and re-initialization of local app databases.
A change to a trusted certificate (domain valid, from an official certificate authority and valid from-to dates) is allowed.
This article explains how to change your existing installation from a self-signed certificate to a signed certificate by an CA. If you set-up a new system with a signed certificate, please follow the steps in our installation manual.
- Request A Signed Certificate From A Certificate Authority
First you need a pair of keys - a private and a public key. You can either genereate a Certificate Signing Request (CSR) on your server and send this CSR ro a Certificate Authority (CA) like thawte.com. The CA will prove your identity and sends a signed public key to you.
Or your CA creates both keys for you directly and you simply have to import them.
This should by done by your system administrator.
- Import Private And Public Key To Your Computer Account
Add Certificate Snap-In:
Import your certificate like described in our installation documentation.
- Open your certificate:
Copy the Thumbprint of your certificate and paste it in your Anveo Server configuration file.
Note: If you have used copy&paste to transfer the value, make sure there is no hidden character at the beginning or at the end of the thumbprint.
<CustomerCertificate enabled="true" certificateThumbprint="DE21EE84F7626C7BCB83B08741B125DF6211A346" />
Disable your SelfSigned Certificate:
<CreateSelfSignCertificatePfx enabled="false" ...
- Restart Anveo Server.
- Now, the data channel (default port 7021) is still using the old certificate. Re-run https registration for data channel port.
Delete your old registration first:
netsh http del urlacl url=https://*:7021/
netsh http del sslcert ipport=0.0.0.0:7021
- Register new certificate for your data channel:
Open folder Transfer\ANVEOServiceTierLog and (re-) run file ANVEOServiceTier.bat with Administrator rights.
Note: Some devices require a restart of the device after chaning a certificate. This is caused by a certificate cache on the device.
It is not required to uninstall and reinstall Anveo Server for this procedure.