Renew an Expired Certificate for the Privileged Access Appliance
If the SSL certificate of your Bomgar Appliance is about to expire, you must renew it following the instructions below. If you need to replace an existing certificate with one from another certificate authority, see Replace an SSL Certificate on the Privileged Access Appliance.
Because the software on the Bomgar Appliance is built for your specific SSL certificate, please be proactive in contacting Bomgar Technical Support before your SSL certificate expires. This way, Bomgar Technical Support can build software to help migrate your connections.
The steps below will guide you through renewing a CA-signed certificate.
Purchase the Certificate Renewal
- Contact the certificate authority that signed the certificate to request a renewal.
When a certificate is renewed, the original certificate data is used. Therefore, a new certificate request is not needed, and no new intermediate or root certificates need to be installed.
- Many CAs keep the certificate request information on file. Others may require you to provide the original certificate request.
If the CA requires a copy of the original certificate request, go to the /appliance > Security > Certificates page.
- In the Security :: Certificate Requests section, click the subject of the certificate request which matches the original certificate's data.
- Select and copy the Request Data, and then submit this information to your certificate authority.
Import the Certificate Files
- Once the certificate authority has responded to the request with the new certificate files, download all of the files to a secure location. This location should be accessible from the same computer used to access the /appliance interface.
- Log into the /appliance interface of your Bomgar Appliance. Go to Security > Certificates.
- In the Security :: Certificate Installation section, click the Import button.
- Browse to your new certificate file and click Upload.
- Your renewed certificate should now appear in the Security :: Certificates section. This new certificate can be identified by its Expiration, since this will be a later date than the original certificate.
Assign IP Addresses
Your new certificate will not secure any hostnames until you assign it to one or more IP addresses.
- To apply your certificate to an IP address, go to Security > Certificates.
- In the Security :: Certificates section, click the name of your new certificate.
- At the bottom of the page, select the IP addresses which are currently assigned to the old certificate.
- Click Save Configuration.
- The renewed certificate will now serve as the SSL certificate for the IP addresses you selected.
At this point, the appliance should be fully upgraded and operational with its new certificate. The old certificate may be removed and/or revoked as necessary.