
Updating SSL Certificates

You must update the UPA SSL certificate in two locations, each of which requires a different format:

  1. The nginx application gateway, where the copy of the certificate must be in
    PEM format.
  2. The IIS website, where the copy of the certificate must be in PFX (PKCS #12)
    format.

Converting between certificate formats

You need the certificate in both PFX and PEM formats to proceed. The PEM private key file must not be encrypted.

Converting certificates in PFX format to PEM

You must run the following commands to convert certificates in PFX format to PEM:

  1. Click Start.
  2. Type cmd.
  3. Press ENTER.
  4. At the command prompt, enter:
cd "%PROGRAMFILES%\FullArmor\AD Bridge\Gatekeeper\nginx"
openssl pkcs12 -in "<path_to_pfx_file>" -out "%temp%\certificate.crt" -nokeys -provider-path . -legacy
  • (Optional) If the PFX file is password protected, enter the PFX password when prompted.
openssl pkcs12 -in "<path_to_pfx_file>" -out "%temp%\new_cert.encrypted.key" -nocerts -provider-path . -legacy
  • (Optional) If the PFX file is password protected, enter the PFX password when prompted.
  • Create a new password for the private key when prompted.
openssl rsa -in "%temp%\new_cert.encrypted.key" -out "%temp%\privatekey.pem"
  • Enter the password created in the previous step to create an unencrypted private key.
  5. The certificate.crt and privatekey.pem files are created in your temporary directory.
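
The conversion leaves both an encrypted key (new_cert.encrypted.key) and an unencrypted one (privatekey.pem) in the temporary directory, so it is easy to pick up the wrong file. The following preflight check is an added example, not part of the vendor procedure. The function names are assumptions and the PEM bodies are constructed placeholders. It reports whether the key file is still encrypted and whether the certificate file also contains a private key. It does not verify that the key matches the certificate.

```python
import base64
import re

# One PEM block. The "Bag Attributes" text that openssl pkcs12 writes
# between blocks falls outside the match and is ignored.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, encrypted, der) for each PEM block in text."""
    out = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Legacy encrypted keys put RFC 1421 headers ("Proc-Type: 4,ENCRYPTED",
        # "DEK-Info: ...") before the base64; ':' never occurs in base64.
        headers = [ln for ln in lines if ":" in ln]
        encrypted = label == "ENCRYPTED PRIVATE KEY" or any(
            h.startswith("Proc-Type:") and h.endswith("ENCRYPTED") for h in headers)
        der = base64.b64decode("".join(ln for ln in lines if ":" not in ln), validate=True)
        out.append((label, encrypted, der))
    return out

def preflight(cert_text, key_text):
    """Return a list of problems; an empty list means the pair can be copied."""
    problems = []
    certs, keys = pem_blocks(cert_text), pem_blocks(key_text)
    if not any(label == "CERTIFICATE" for label, _, _ in certs):
        problems.append("certificate file has no CERTIFICATE block")
    if any(label.endswith("PRIVATE KEY") for label, _, _ in certs):
        problems.append("certificate file contains a private key")
    private = [b for b in keys if b[0].endswith("PRIVATE KEY")]
    if len(private) != 1:
        problems.append("key file must hold exactly one private key")
    if any(encrypted for _, encrypted, _ in private):
        problems.append("private key is encrypted")
    # Unencrypted certificates and keys are DER SEQUENCEs (first byte 0x30).
    if any(not enc and der[:1] != b"\x30" for _, enc, der in certs + keys):
        problems.append("a PEM block does not decode to a DER SEQUENCE")
    return problems

def sample(label, headers=""):
    # Constructed placeholder body (a 5-byte DER SEQUENCE), not a real key or certificate.
    b64 = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

if __name__ == "__main__":
    cert = "Bag Attributes\n    friendlyName: constructed\n" + sample("CERTIFICATE")
    for key in (sample("PRIVATE KEY"), sample("ENCRYPTED PRIVATE KEY"),
                sample("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")):
        print(preflight(cert, key) or "ok")
```

To check the real files, pass the text of %TEMP%\certificate.crt and %TEMP%\privatekey.pem to preflight() before copying them into the nginx folder.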

Converting certificates in PEM format to PFX

You must run the following commands to convert certificates in PEM or DER formats to PFX; the inputs might be a .crt file and a key file respectively:

  1. Click Start.
  2. Type cmd.
  3. Press ENTER.
  4. At the command prompt, enter:
cd "%PROGRAMFILES%\FullArmor\AD Bridge\Gatekeeper\nginx"
openssl pkcs12 -export -out "%temp%\new_cert.pfx" -inkey "<path_to_private_key_file>" -in "<path_to_crt_file>"
  • Create a password for the PFX certificate when prompted.
  5. The new_cert.pfx file is created in your temporary directory.

Installing a PEM certificate in nginx

You can copy over and install certificates in PEM format to nginx. Complete the following steps:

  1. Click Start.
  2. Type Run.
  3. Press ENTER.
  4. In the Open dialog box, type %TEMP%.
  5. Click OK.
  6. Copy the certificate.crt and privatekey.pem files into the
    %PROGRAMDATA%\FullArmor\AD Bridge\nginx folder.
  7. Overwrite the existing files when prompted.
  8. Click Start.
  9. Type Services.
  10. Press ENTER.
  11. Restart the AD Bridge nginx Windows service.

Installing a PFX certificate in IIS

You can copy over and install certificates in PFX format to IIS. Complete the following steps:

  1. Click Start.
  2. Type Run.
  3. Press ENTER.
  4. In the Open dialog box, type inetmgr.
  5. Click OK.
  6. Click your server in the Connections pane.
  7. Double-click the Server Certificates icon.
  8. Click Import… in the Actions pane.
    • If you started with a PFX file, browse to it to import.
    • If you started with a PEM file, browse to the new_cert.pfx file in
      the %TEMP% folder to import.
  9. Enter the password when prompted.
  10. Click the AD Bridge Gatekeeper site, in the Connections pane.
  11. Click Bindings in the Actions pane.
  12. Click the https binding.
  13. Click Edit.
  14. In the SSL certificate list, click new_cert.pfx.
    • (Optional) If multiple certificates are available, choose a certificate.
    • Click View to verify the certificate.
  15. Click OK.