cancel
Showing results for 
Search instead for 
Did you mean: 

How to renew web certificate for XMC

How to renew web certificate for XMC

Keith9
Contributor III

Our Extreme Management Center website certificate expired.  While just IT uses it, and we can ignore the cert error, can someone remind me how to renew?

We have an internal Windows CA.  I was looking in the Administration > Certificates > Update button, but theres nowhere to generate the CSR I would supply our Windows certsrv with to get a valid certificate to "drop files here or click to browser".

I need to renew our cert so our internal url https://netsight.domain.com is trusted in the browser, and would be until 2024 when our root cert needs renewed.

1 ACCEPTED SOLUTION

Keith9
Contributor III
Nevermind I figured it out.  Theres no web ui to do the generation process, but I was able to just SSH to the server and generate a key and csr with openssl, take that csr to our Windows CA and specify the san names (san:dns=netsight&dns=netsight.domain.com).  Then get that file, cat out the key I made with openssl and paste it in a text file on my pc to save it, then in that dialog box upload by drag and drop that key file, the base64 cert that windows CA came with, our root cert, and put in the key password I made with openssl.
Then i did a reboot command and when everything loaded the web ui is now trusted.

openssl genrsa 2048 | openssl pkcs8 -v1 PBE-SHA1-RC4-128 -topk8 -out server.key
openssl req -new -key server.key -out request.csr

cat request.csr   (copy and paste contents into windows ca /certsrv, webserver template.
cat server.key (copy and paste into notepad and save as server.key).
Drag and drop all three files, done.

View solution in original post

1 REPLY 1

Keith9
Contributor III
Nevermind I figured it out.  Theres no web ui to do the generation process, but I was able to just SSH to the server and generate a key and csr with openssl, take that csr to our Windows CA and specify the san names (san:dns=netsight&dns=netsight.domain.com).  Then get that file, cat out the key I made with openssl and paste it in a text file on my pc to save it, then in that dialog box upload by drag and drop that key file, the base64 cert that windows CA came with, our root cert, and put in the key password I made with openssl.
Then i did a reboot command and when everything loaded the web ui is now trusted.

openssl genrsa 2048 | openssl pkcs8 -v1 PBE-SHA1-RC4-128 -topk8 -out server.key
openssl req -new -key server.key -out request.csr

cat request.csr   (copy and paste contents into windows ca /certsrv, webserver template.
cat server.key (copy and paste into notepad and save as server.key).
Drag and drop all three files, done.
GTM-P2G8KFN