DEPLOYMENT > SSL Certificates > Replace an SSL Certificate

Replace an SSL Certificate

If you need to replace an existing certificate with a new certificate from a different issuing Certificate Authority, or if you need to upgrade from a self-signed certificate to a CA-signed certificate, follow the instructions below. If you need to renew an existing CA-signed certificate from the same CA, see Renew an Expired Certificate.

Bomgar client software must be able to validate the SSL certificate of their appliance in order to establish secure connections. To do this, they must trust the certificate authority of the appliance's server certificate. If this CA is changed without preparing the clients beforehand, then it is possible to permanently lose connectivity to the clients due to failed SSL validation. To avoid this, the Bomgar Appliance must be properly updated with product builds from Bomgar Technical Support and provisioned with the new CA-signed certificate.

To replace an existing certificate, it is critical to update the appliance's license package before assigning an IP address to the new certificate. With the exception of the reversal of the last two steps, the steps to replacing a certificate are the same as those for adding a certificate for the first time. For details of each step, see Create an SSL Certificate. Be sure to follow the order of the steps as defined below:

  1. Create a certificate request from the /appliance > Security > Certificates page.
  2. Submit the certificate request to a certificate authority.
  3. Upload the CA-signed certificate files to your Bomgar Appliance.
  4. Email your site and certificate information to Bomgar Technical Support, and then update your Bomgar software.
  5. Edit the certificate and assign the IP addresses for the hostnames to be secured.

At this point, the appliance should be fully upgraded and operational with its new certificate. The old certificate may be removed and/or revoked as necessary.

Note: Do not send your private key file (which ends in ".p12") to Bomgar Technical Support. If a certificate is being exported to be sent to Bomgar Technical Support, you should NOT check Include Private Key. Ensure that the private key and its passphrase are kept in a secure, well-documented location on your private network. Exporting certificates will not remove them from the appliance.