How to update renewed SSL certificate of individual Service in AccAD
Document Title: How to update renewed SSL certificate of individual Service in AccAD.
Author: Girish K. Garje
Date: 1st March 2015.
As we know AccAD accelerates the performance of web based applications. The Web based applications are nothing but http or https applications. For https application it is necessary to request & apply SSL certificate from Certificate Authority. However if this services is configured to pass through AccAD and SSL certificate is renewed for this particular service then, The application would not be accessible i.e. users will get “Content was blocked because it was not signed by valid security certificate”. Hence it is important that we update this certificate in AccAD as well.
2. Error Specification
As we said above if the SSL certificate is renewed for a particular individual or group of services, then & If it not configured to pass through AccAD then users will not face any security errors. However if the service is configured to pass through AccAD then users will get below error
If we right click on above error page anywhere and select properties then we can see for which particular web service this certificate error is shown
Further if we click on Certificate button, then we can see the certificate expiry date which still shows old dates. That means the new SSL certificate which was applied for that particular backend application is not used here.
If we access this application directly without AccAD then we can see the new updated expiry dates.
3. Update the renewed SSL certificate in AccAD.
3.1: Get the SSL certificate of this application service in .pfx or in .p12 format along with the password if was set while renewing.
3.2: Login to AccAD SFE using admin user & password.
3.3: Navigate to Delivery policies –> Expand the tree node “Delivery Policy” –> Expand node Service instance –> Expand the service for which the SSL certificate has been renewed. –> Click on Termination Certificate node. It shows the screen as follows
3.4: Note the Certificate Expiration dates from & to. It still shows the old values as per shown in the error specification dialog box above.
Now click on Edit button.
It allows the browse & upload the SSL certificate in .pfx or .p12 format.
Enter the password of the SSL certificate. & Click on upload button.
Click on Save & then apply button.
This will update the SSL certificate in AccAD SFE.
3.5 : To make the new SSL certificate changes effective it is necessary to clear the cache of all CFEs.
So navigate to Cockpit tab and click on Clear button against all CFEs as shown below.