Skip to main content

Welcome to the Cyara Knowledge Center

Search

Changing the X.509 Certificate

Updated: tech writers Edited:

The Cyara Encryption Tool checks the validity of the X.509 certificate and logs a warning in the log file if the X.509 certificate is reaching the expiry date. When this happens, you need to install a new X.509 certificate and change the existing configuration settings to point to the new X.509 certificate.

To satisfy any security concerns related to the sensitive database fields that are encrypted, Cyara recommends you install a new X.509 certificate to ensure all the information is safe. After you install the new X.509 certificate, the existing configuration settings need to be changed.

To change the X.509 configuration settings, perform the following steps:
  1. Install the new X.509 certificate
  2. Shut down the Services
  3. Modify the Cyara Web Portal, Voice Scheduler, and Omni Scheduler configuration settings
  4. Modify the Encryption Tool configuration settings

Shut Down the Services

Before changing the configuration settings, you must shut down the Cyara Web Portal, Voice Scheduler, and Omni Scheduler. You cannot use the Cyara Web Portal, Voice Scheduler, and Omni Scheduler and must remain offline until the process is complete.

Modify the Cyara Web Portal, Voice Scheduler, and Omni Scheduler Configuration Settings

For the new X.509 certificate to be applied, you need to modify the existing encryption configuration settings and apply the values as per the new certificate.

Perform the following steps:

  1. After installing the new X.509 certificate, obtain the Certificate Name and Thumbprint values for the new X.509 certificate. Refer to the Obtaining the Certificate Name and Thumbprint Values section for instructions.
  2. Update the Cyara Web Portal web.config file, specifically the <EncryptionSettings.UniqueCertificateName> section, with the settings as per the new X.509 certificate. Refer to the Configuring the Cyara Web Portal section for instructions.
  3. Update the Voice Scheduler SchedulerServiceHost.exe.config file, specifically the <EncryptionSettings.UniqueCertificateName> section, with the settings as per the new X.509 certificate. Refer to the Configuring the Voice Scheduler section for instructions.
  4. Update the Omni Scheduler Cyara.Scheduler.Host.exe.config file, specifically the <EncryptionSettings.UniqueCertificateName> section, with the settings as per the new X.509 certificate. Refer to the Configuring the Omni Scheduler section for instructions.

Modify the Encryption Tool Configuration Settings

To apply the new X.509 certificate, perform the following steps:

  1. In the Cyara.Database.Utils.Encryption.Tool.exe.config file, update the existing keys in the <EncryptionSettings.UniqueCertificateName> section as old key values. 
      
    <add key="OldEncryptionSettings.UniqueCertificateName" value="CN = CyaraPlatformEncryptionExample" />
    <add key="OldEncryptionSettings.CertificateThumbprint" value="6f 54 7c 48 87 bb 8f 8c 71 3f fb 50 f9 9b 5c 4c 8f dd 85 3f" />
    <add key="OldEncryptionSettings.MachineCertificate" value="True" />
    <add key="OldEncryptionSettings.Cipher" value="AESplusX509" />
  2. Update the Cyara.Database.Utils.Encryption.Tool.exe.config file with the Certificate Name and Thumbprint values of the new X.509 certificate. 
    
    <add key="EncryptionSettings.UniqueCertificateName" value="CN = CyaraPlatformEncryptionExampleNew" />
    <add key="EncryptionSettings.CertificateThumbprint" value="‎6c 7a a8 ef 0e 44 d2 bb 46 1a 4c c4 f6 69 6a 41 9a e1 70 4c" />
    <add key="EncryptionSettings.MachineCertificate" value="True" />
    <add key="EncryptionSettings.Cipher" value="AESplusX509" />

    <add key="OldEncryptionSettings.UniqueCertificateName" value="CN = CyaraPlatformEncryptionExample" />
    <add key="OldEncryptionSettings.CertificateThumbprint" value="6f 54 7c 48 87 bb 8f 8c 71 3f fb 50 f9 9b 5c 4c 8f dd 85 3f" />
    <add key="OldEncryptionSettings.MachineCertificate" value="True" />
    <add key="OldEncryptionSettings.Cipher" value="AESplusX509" />
  3. Run the Cyara Encryption tool using the following command line syntax:

    Cyara.Database.Utils.Encryption.Tool.exe –c

    A message will appear displaying the previous machine certificate and the current machine certificate.

  4. Enter continue to apply the new certificate. Ensure there are no errors.
  5. Restart the Omni Scheduler, Voice Scheduler, and IIS Portal services.
Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.