Certificate renewal is always a tricky part. Today’s blog is about how to renew a Vbrick DME certificate.
If you have an old CSR, there is no need to create a new CSR. Since I don’t have the old CSR with me, I’m generating a CSR for the new certificates.
Go to DME Device administration.
Login with your DME credentials.
1. In the case of self-signed certificates, select the Generate and Install a Self-Signed CERT button and the certificate is simply generated and installed by the DME.
2. If an organization elects to use a certificate from an authority, a PEM formatted certificate from the authority is necessary. The process for getting the certificate is:

1. Generate a server certificate request by completing the fields in the table below.
|Field|Description|
|---|---|
|Country|Information only. Country of certificate holder.|
|State (Province)|Information only. State of certificate holder.|
|City|Information only. City of certificate holder.|
|Company or Organization|Information only. Company of certificate holder.|
|Department|Information only. Department of certificate holder.|
|Fully Qualified Domain Name|The complete name of the domain, also referred to as a FQDN (fully qualified domain name) as registered on any Internet DNS. This name must be unique within the domain, and possibly accessible by the CA for verification. All lowercase letters must be used.|
|Contact email address|Information only. Email address of certificate holder.|
2. Then click the Generate Certificate Request to use with CA button. The Server Certificate Request field will display an encoded CSR such as seen in the image below. During this process Vbrick stores a private key on the DME that will be used later.
3. With the encoded CSR, engage a Certificate Authority (one that is trusted by all browsers within your organization; it is recommended that you use a well-known CA).
4. Purchase the certificate specifically for the correct domain name for the DME (make sure the DME has that name, and organization DNS entries). Wildcard or star certificates are also common; those certificates can be used on multiple servers in your organization. There are special naming conventions; please see the requirements of your CA.
5. Receive the certificate from the Certificate Authority and request PEM formatting.
6. If the CSR was generated on this DME, then the private key is on this machine as well and you can continue to step 7. However, if this is a Certificate whose CSR was generated on another machine, you will need to procure a private key. This approach is common when dealing with wildcard/star certificates. In order for the DME to correctly apply the Certificate, please make sure that the private key is also in the PEM. Select the PEM Includes Key checkbox if applicable. When selected, you will also need to complete an additional FQDN field to name your DME.
7. Install the certificate by pasting the PEM and all contents in the Install New Certificate field (at the bottom of the page) and then clicking the Verify and Install New Certificate button.
8. Finally, verify that your certificate was installed in the Currently Installed Certificates window (at the top of the page). An invalid certificate will not be installed. Also, the DME will reboot itself when the certificate is installed correctly.
Certificates provided by a certificate authority (CA) may include multiple components: a private certificate, one or more intermediate certificates, a root certificate, and a private key. The order of these items (for processing by the DME) must be:
If you edit the PEM file to correct the order, please do not change any content.
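A pre-install check for the PEM editing step, added here as an example (it is not part of the original post or of Vbrick's tooling): it lists the PEM blocks in file order, reports whether a private key is present (which decides the PEM Includes Key checkbox), and confirms that an edited copy holds exactly the same blocks as the file received from the CA. The function names are this example's own, and the sample blocks are constructed placeholders, not real certificates or keys.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def parse_pem(text):
    """Return [(label, decoded_bytes)] in file order; raise ValueError if damaged."""
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        # Skip legacy "Proc-Type:"/"DEK-Info:" header lines of encrypted keys.
        body = "".join(ln.strip() for ln in m.group(2).splitlines() if ":" not in ln)
        blocks.append((m.group(1), base64.b64decode(body, validate=True)))
    if len(blocks) != text.count("-----BEGIN "):
        raise ValueError("a BEGIN line has no matching END line")
    return blocks

def summarize(text):
    """Block labels in order, plus whether the PEM carries a private key."""
    labels = [label for label, _ in parse_pem(text)]
    return {"labels": labels,
            "certificates": labels.count("CERTIFICATE"),
            "includes_key": any(l.endswith("PRIVATE KEY") for l in labels)}

def reorder_only(original, edited):
    """True if both texts hold exactly the same blocks, in any order."""
    def prints(text):
        return sorted((label, hashlib.sha256(data).hexdigest())
                      for label, data in parse_pem(text))
    return prints(original) == prints(edited)

def sample_block(label, payload):
    """Constructed placeholder block: valid PEM framing, not a real cert or key."""
    b64 = base64.encodebytes(payload).decode().strip()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

KEY = sample_block("PRIVATE KEY", b"constructed-key")
LEAF = sample_block("CERTIFICATE", b"constructed-leaf")
CHAIN = sample_block("CERTIFICATE", b"constructed-intermediate")
AS_RECEIVED = KEY + LEAF + CHAIN   # arbitrary order, for illustration only
EDITED = LEAF + CHAIN + KEY        # arbitrary order, for illustration only

if __name__ == "__main__":
    print(summarize(EDITED))
    print("reorder only:", reorder_only(AS_RECEIVED, EDITED))
```

Run it on the machine where the PEM is edited, so the private key never leaves that host.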
Copy the PEM content to the DME and choose Verify and Install New Certificate.
Note: If the certificates are valid, the DME will reboot, so make sure you do this task during the maintenance window.