Update Your Existing Certificate
 |
This topic is intended for users trying to update an existing certificate that is about to expire. If you are generating a certificate for the first time, follow instructions mentioned in the Certificate Handling for Instance Registration topic. If your certificate expired before you could update it, get in touch with PTC Technical Support for a certificate update.
|
If your existing certificate for Solution Central is about to expire, you need to update the certificate. You cannot use Solution Central once your certificate expires. It is recommended that you update your certificate regularly to avoid expiration.
To update your Solution Central certificate, complete the following steps:
1. Create a self-signed certificate or use existing valid certificate. You can use tools, such as OpenSSL or KeyStore Explorer, to create and manage the certificate. To create a self-signed certificate using OpenSSL, run the following command:
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 720 -out certificate.pem
This generates the following files:
◦ certificate.pem — the certificate
◦ key.pem — the private key associated with the certificate
2. Create the PKCS12 keystore using the certificate and the key created in step 1, with solution-central.certificate.new as the alias. Run the following command:
openssl pkcs12 -export -in certificate.pem -inkey key.pem -out sc-keystore-new.p12 -name solution-central.certificate.new
"Enter Export Password": "<Enter password for the export>"
"Verifying - Enter Export Password": "<Re-enter password for the export>"
"Verifying - Enter Export Password": "<Re-enter password for the export>"
This generates the sc-keystore file.
3. Import sc-keystore-new, the keystore generated in step 2, into sc-keystore, the existing keystore.
keytool -importkeystore -srckeystore sc-keystore-new.p12 -srcstoretype pkcs12 -srcstorepass <new-keystore-password> -destkeystore C:/ThingworxPlatform/sc-keystore -deststoretype pkcs12 -deststorepass <old-key-store-password>
The sc-keystore will have 2 aliases: solution-central.certificate and solution-central.certificate.new.
4. Update your certificate using the UpdateCertificate() service available in the SolutionCentralSubsystem.
5. After successfully updating, solution-central.certificate.new is renamed to solution-central.certificate in the sc-keystore.
If Your Certificate Has Expired
If your certificate expired before you could update it, get in touch with PTC Technical Support for a certificate update.