Difference between revisions of "Information Systems:Renewing the Web Orders SSL Certificate"

Instructions On How To Renew An SSL Certificate For Web order Or InfoNet These instructions were written by DarrenF on January 11 2016 and describe what needs to be done when the SSL certificate on a website hosted on the Power8 needs to be renewed. Hopefully this all happens before the current expiry date.

1. Go to https://bart.unipharm.local:2005/ibm/console
2. Ignore unsupported browser message
3. Login with credentials – probably all object auth or qsec
4. On left side IBM I Management panel, at the bottom, click on “Internet Configurations”
5. Then click on “Digital Certificate Manager” in the main tab
6. Log in again with same credentials
7. On the left side, click on “Select A Certificate Store”
8. Choose *SYSTEM and click continue
9. Enter in the password which is visionit and click continue
10. Click the triangle twisty next to “Manage Certificates” and then click “View Certificate”
11. Write down the friendly name of the certificate that needs to be renewed because there may be duplicates from past years – make sure that you renew the correct certificate by checking the expiry date!
12. Click “Renew Certificate” in the “Manage Certificate” menu
13. Select the correct certificate that needs to be renewed and click the Renew button
14. The next screen should only have 1 option as an Internet Certificate Authority, click continue
15. Choose “Yes – Create a new key pair” and click continue
16. The “New Certificate Label” is the friendly name for this renewal – try and make the label descriptive and unique
17. Key size must be 2048
18. Fill out the rest of the fields underneath Certificate Information and take a screenshot of that screen
19. Country code is CA and then click continue
20. Copy the certificate request into Notepad and save the file – be sure to copy from the first dash line to the end of the last dash line

21. Click OK 22. Take the saved block of text and provide that to the CA reseller when purchasing the renewed certificate 23. Try and buy a renewed certificate for the longest period of time possible unless the website or server doing the hosting is going to be decommissioned 24. When the CA has issued the renewed certificate, download it 25. On the Digital Certificate Manager website, on the left side click “Import Certificate” from the “Manage Certificates” menu 26. Choose “Server or client” and click continue 27. The renewed certificate file from the CA needs to be copied to the IFS, /temp works well 28. Type the file patch into the import screen and click continue 29. Specify the same friendly label as you chose in step 16 and click continue 30. If you get an error that validation of the certificate failed then the CA’s root certificates also need to be imported in the correct order so that the renewed certificate can be validated all the way up the chain by going back to step 26 and choosing CA instead of server 31. Click on “Assign Certificate” from the “Manage Certificates” menu 32. Choose the newly renewed certificate you just imported and click “Assign to Application” 33. Either InfoNet or Web Orders should be at the bottom of the list, put a check mark in the right application and click continue 34. Delete the files that were put on the IFS as they are not needed anymore 35. Log out of the Digital Certificate Manager page and the web Navigator site 36. At this point you could stop the IBM HTTP server and then restart it to see the renewed certificate immediately – otherwise you will have to wait for the EOD to automatically bounce the web server instances 37. Check in a web browser that the new certificate with the correct expiry dates is actually being used 38. Profit