How do I renew my SSL certificate?

How do I renew my SSL certificate?

This process is in 3 basic parts. 
1 - Create the Keystore 
2 - Generate the CSR 
3 - Import the cert 

The documentation below has several methods to complete this process. The first is a how to use a free Java gui tool called Portecle, the second is another free 
tool called Keystore Explorer and finally the command line method. 


*We do not recommend using the command line method unless you have done it before, it is easy to do something wrong. 


**If you do not feel comfortable with either method, or it has been a while since you have updated your keystore yourself, please see the following KB on how Stoneware can assist you with updating your keystore





### ### 
### ### 




### ### 
### KeyStore Explorer method 5.x ### 
### ### 

Found at : http://keystore-explorer.sourceforge.net/ which is now free. 

Load gui, create a new JKS keystore. 
Next, generate a new KeyPair, selecting RSA / 2048 
Version : 3 
Signature Algorithm : SHA-256 with RSA
Validity Period 5 Years 
Serial Number : leave at default 
Name : < click edit name icon > 

Fill out the information for the keystore. 
cn: *.example-cloud.com 
ou: IT Services 
o: company 
l: Ft. Wayne 
st: IN 
C: US 
E: ssladmin@example-cloud.com 

*** Note the state should be un uppercase.

Click OK 
Alias: *.example-cloud.com 
Password: Same as your relay user password 

Right click on *.example-cloud.com and choose generate CSR. 

Format : PKCS #10 
Signature Algorithm : SHA-256 with RSA (or whatever your CA vendors requests it should be)
Challenge : < leave blank > 
CSR File : Enter name to save csr file. 

This is the csr you will send to your Certificate Authority. 

When you get your cert back, open internet explorer and go to : 
Tool 
Internet Options 
Content 
Certificates 
Import 
Select the certificate you were sent from your CA (save in Other People). 

Once imported, export it as a .p7b file with the include any intermediate certificates option. 
Go back to the keytool gui and right click on *.example-cloud.com and select Import CA Reply. 

Save certificate and copy to relay to test. 







### ### 
### Command line Keytool method ### 
### ### 

### Part 1 ### 

Note: This method is not recommended if you are not already familiar with using the command line for modifying SSL Certificates. 

Backup your /usr/stoneware/jre/lib/security/cacerts file. 

Go into webadmin, find your relay object , click on it, and take note of 
where your stoneware.keystore file is located. Typically this is in 
/usr/stoneware/config or /usr/stoneware/bin 

Backup the stoneware.keystore file. 

You will need to know the password for the RelayUser account as this is the same 
password that is used for the stoneware.keystore. 

Generate a Java keystore and key pair
keytool -genkey -alias mydomain -keyalg RSA -keystore stoneware.keystore -keysize 2048

Generate a certificate signing request (CSR) for an existing Java keystore
keytool -certreq -alias mydomain -keystore stoneware.keystore -file mydomain.csr

Import a root or intermediate CA certificate to an existing Java keystore
keytool -import -trustcacerts -alias root -file Thawte.crt -keystore stoneware.keystore

Import a signed primary certificate to an existing Java keystore
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore stoneware.keystore

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Change Reset Password Button Text

        Change the text of the "Reset Password" button on the UW Login Page How to change the text of the Reset Password button on the Login Page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants ...
      • Remove Reset Password Button From Login Page

        Remove the Reset Password Button from the Login Page How to remove the Reset Password button from the Unified Workspace login page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants Expand ...
      • Lenovo Unified Workspace End-of-Life Questions and Answers

        As of January 31st 2024, Lenovo Unified Workspace (formerly Stoneware WebNetwork) is no longer supported. This means that we no longer provide licenses, downloads, updates, patches, or technical assistance for this product. If you have any questions ...
      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...
      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...
      • Related Articles

      • DC won’t obtain SSL certificate automatically

        Customer installed Enterprise CA server in their AD forest and some Domain Controllers won’t pick up an SSL certificate.   The customer used LDP.exe to verify all of their DC to see if they had SSL enabled.  They found a DC that did not pick up an ...
      • Convert PFX certificate to JKS keystore using KeyStore Explorer

        Issue: Can we import the wildcard SSL Certificate we already have on our IIS server(s)? Solution: Please see the following documentation on how to convert a PFX certificate, exported from an IIS server, to a Java JKS keystore. Once you have your new ...
      • webNetwork will not start because AD ssl certificate has expired

        Customer restarted webnetwork and now it won’t start. It gives errors like : FATAL (12/23) 11:19:23 [com.stoneware.service.DirectoryManager]: Unable to verify/extend schema. javax.naming.CommunicationException: simple bind failed: 192.168.1.41:636 ...
      • SSL certificate installation - part 1

        Problem: Need to create and add new wildcard SSL certificate to Unified Workspace server. Prerequisite(s): Download and install KeyStore Explorer tool on workstation Solution(s): Below instructions will walk you through process of creating a new ...
      • SSL certificate installation - part 2

        Problem:  Need to create and add new wildcard SSL certificate to Unified Workspace server. Prerequisite(s): Completed part 1 Access to keystore password Solution(s):  Below instructions will walk you through process of placing a new keystore on ...