Choose your language

Choose your login

Contact us

Renew an SSL certificate

This page applies to:

To ensure that the trust mechanisms in SSL are adhered to, SSL certificates are designed to expire so that your environment is kept up-to-date. To renew your SSL certificate you need to retrace your steps when originally creating a new SSL certificate. See: Generate SSL/HTTPS keys . However, the exact steps depend on your Certificate Authority as some require you to submit a brand new CSR, some allow you to just request a new SSL certificate.

The easiest way to do this is to use a new keystore, e.g. you substitute my-ssl-keystore with my-ssl-keystore-20151217

The new my-ssl-keystore-20151217 is put into production only after you’ve modified the server.properties as per Use the PaperCut NG/MF self-signed certificate and have restarted the PaperCut NG/MF Application Server. This means you have time to create the private key, complete the CSR and receive the signed certificate before using the new keystore. If there is an issue with the new certificate or setup, you can quickly revert back to the original my-ssl-keystore.

For example, the SSL key generation command originally was

keytool -keystore [app-path]\server\custom\my-ssl-keystore -alias jetty -genkeypair
-keyalg RSA

and it becomes

keytool -keystore [app-path]\server\custom\my-ssl-keystore-20151217 -alias jetty -genkeypair
-keyalg RSA

Comments