Difference between revisions of "Information Systems:Renewing the Web Orders SSL Certificate"

Instructions On How To Renew An SSL Certificate For Web order Or InfoNet These instructions were written by DarrenF on January 11 2016 and describe what needs to be done when the SSL certificate on a website hosted on the Power8 needs to be renewed. Hopefully this all happens before the current expiry date.

1. Go to https://bart.unipharm.local:2005/ibm/console - No as of 2019 use Web Navigator instead
2. Ignore unsupported browser message
3. Login with credentials – probably all object auth or qsec
4. On left side IBM I Management panel, at the bottom, click on “Internet Configurations”
5. Then click on “Digital Certificate Manager” in the main tab
6. Log in again with same credentials
7. On the left side, click on “Select A Certificate Store”
8. Choose *SYSTEM and click continue
9. Enter in the password which is visionit and click continue
10. Click the triangle twisty next to “Manage Certificates” and then click “View Certificate”
11. Write down the friendly name of the certificate that needs to be renewed because there may be duplicates from past years – make sure that you renew the correct certificate by checking the expiry date!
12. Click “Renew Certificate” in the “Manage Certificate” menu
13. Select the correct certificate that needs to be renewed and click the Renew button
14. The next screen should only have 1 option as an Internet Certificate Authority, click continue
15. Choose “Yes – Create a new key pair” and click continue
16. The “New Certificate Label” is the friendly name for this renewal – try and make the label descriptive and unique
17. Key size must be 2048
18. Fill out the rest of the fields underneath Certificate Information and take a screenshot of that screen
19. Country code is CA and then click continue
20. Copy the certificate request into Notepad and save the file – be sure to copy from the first dash line to the end of the last dash line
21. Click OK
22. Take the saved block of text and provide that to the CA reseller when purchasing the renewed certificate
23. Try and buy a renewed certificate for the longest period of time possible unless the website or server doing the hosting is going to be decommissioned
24. If using Network Solutions they will do an email and phone validation on the SSL renewal to make sure that the certificate is going to the correct company
25. When the CA has issued the renewed certificate, download it
26. On the Digital Certificate Manager website, on the left side click “Import Certificate” from the “Manage Certificates” menu
27. Choose “Server or client” and click continue
28. The renewed certificate file from the CA needs to be copied to the IFS, /temp works well
29. Type the file path into the import screen and click continue
30. Assign the NEW certificate to the correct application which should be either Web Orders or InfoNet at the bottom of the list
31. Specify the same friendly label as you chose in step 16 and click continue
32. If you get an error that validation of the certificate failed then the CA’s root certificates also need to be imported in the correct order so that the renewed certificate can be validated all the way up the chain by going back to step 26 and choosing CA instead of server
33. Click on “Assign Certificate” from the “Manage Certificates” menu
34. Choose the newly renewed certificate you just imported and click “Assign to Application”
35. Either InfoNet or Web Orders should be at the bottom of the list, put a check mark in the right application and click REPLACE
36. Delete the files that were put on the IFS as they are not needed anymore
37. Log out of the Digital Certificate Manager page and the web Navigator site
38. At this point you could stop the IBM HTTP server and then restart it to see the renewed certificate immediately – otherwise you will have to wait for the EOD to automatically bounce the web server instances
39. Check in a web browser that the new certificate with the correct expiry dates is actually being used
40. Profit