Our SSL cert is expiring on our UW servers, can Lenovo Software help us renew that certificate?

Our SSL cert is expiring on our UW servers, can Lenovo Software help us renew that certificate?

Issue

SSL Certificate is expiring/expired on customer's Unified Workspace (formerly webNetwork) server(s).


Solution

Lenovo Software Support can assist you with renewing the SSL Certificate on your UW servers.  The only downtime required will be a restart of UW, on your servers, once the process has been fully completed.  Once the SSL Certificate has been updated in the keystore, the restart can be scheduled for a future time.


Send a copy of the /stoneware/config/<keystore>* file, along with a copy of the /stoneware/config/stonewareloader.xml file, to Stoneware**.

* To find the exact filename for your keystore, look at your relay objects in the webAdmin dashboard and check the CERTIFICATE SOURCE field.
** If your system has multiple relay servers, we only need copies of the files from one of the relay servers.

We will create a new CSR and send that back to you.

You take the CSR and submit it to your CA company. If they ask what type choose Java, Tomcat (this really won't matter too much as it's just to tailor the install instructions to the web server type).

Send us the cert that the CA company sends back to you.

We will create your updated keystore and send it back to you in a .zip.

Upon receipt of the zip file, the customer should extract the .keystore file. The keystore will go into the /stoneware/config directory.

Use the 8090 management console to shut down webNetwork cleanly. Then start webNetwork back up. Do this on all stoneware servers. It is best to shut down and try the new keystore on one server prior to copying it to all other servers.


*** For security, please ZIP the files and upload them to our SSL encrypted server (please notify us if using this server, so that we can retrieve the uploaded files):

You may also encrypt the passwords, through our Customer Portal, to add additional security to your upload:
Login to the Customer Portal, using your customer credentials.
Click on the Encrypt Data tile, located under the Customer menu.


****If you already have a new certificate installed on other servers, please let us know, as we should be able to take an exported keystore from one of those servers and convert it to a new Java keystore for webNetwork.

If your certificate is installed in IIS, and you would like to convert an exported PFX Certificate yourself, you can follow these steps:

If you do not wish to convert the exported PFX Certificate yourself, you can provide a copy of the exported PFX Certificate (along with the password for it) with the files listed above.  We can then convert the exported PFX Certificate into a Java keystore for you.

    • Related Articles

    • Convert PFX certificate to JKS keystore using KeyStore Explorer

      Issue: Can we import the wildcard SSL Certificate we already have on our IIS server(s)? Solution: Please see the following documentation on how to convert a PFX certificate, exported from an IIS server, to a Java JKS keystore. Once you have your new ...
    • Lenovo Software Products

      The Lenovo Software group produces and only supports the following products: Airstack LanSchool LanSchool Air Unified Workspace (formerly webNetwork) webRDP  (End of Life notice) Please visit The Lenovo Software website for more information on these ...
    • How do I renew my SSL certificate?

      This process is in 3 basic parts.  1 - Create the Keystore  2 - Generate the CSR  3 - Import the cert  The documentation below has several methods to complete this process. The first is a how to use a free Java gui tool called Portecle, the second is ...
    • DC won’t obtain SSL certificate automatically

      Customer installed Enterprise CA server in their AD forest and some Domain Controllers won’t pick up an SSL certificate.   The customer used LDP.exe to verify all of their DC to see if they had SSL enabled.  They found a DC that did not pick up an ...
    • webNetwork will not start because AD ssl certificate has expired

      Customer restarted webnetwork and now it won’t start. It gives errors like : FATAL (12/23) 11:19:23 [com.stoneware.service.DirectoryManager]: Unable to verify/extend schema. javax.naming.CommunicationException: simple bind failed: 192.168.1.41:636 ...
    • Popular Articles

    • Old Browser Versions

      Question: I am using an older browser version and am having problems. What can be done ? We are not able to upgrade the browser at this time.   This is a challenge for any company that makes software that utilizes a browser. Since Stoneware does not ...
    • LCS Redirection

      Problem: How to redirect the LCS in an environment with multiple LCSs and students connecting to them. Solution(s): Create an allow.cfg on all LCS(s) (including the Master) in the network, however, even if no allow.cfg is present on an LCS, machines ...
    • Time windows allows for Service Shutdown

      Issue: Can the time windows gives a service to shut down before it kills the service be increased? Solution: Yes, the following information comes from the Microsoft URL : http://support.microsoft.com/kb/146092 To specify the wait time, do the ...
    • How to disable password saving - Internet Explorer

      Having multiple methods for saving a password in the browser can cause confusion for the user.   To disable password saving in Internet Explorer, launch Internet Explorer and perform the following steps. Click the blue Settings menu icon in the upper ...
    • How to disable password saving - Chrome

      Having multiple methods for saving a password in the browser can cause confusion for the user.  To disable password saving in Chrome, launch Chrome and perform the following steps. Click the Chrome menu button in the upper right corner of the Chrome ...
    • Recent Articles

    • Lenovo Unified Workspace 7.0.0.63 Released

      Highlights of Unified Workspace 7.0.0.63 If you need assistance with your update, please e-mail support at support@lenovosoftware.com or visit https://unifiedworkspace.com/support/ for more information. Below is a list of enhancements and fixes for ...
    • How to fix customized login and profile after upgrading to v7.0

      With the release of 7.0 the default login page has been modified to simplify the customization process.  If you are having an issue with the login page not displaying, after upgrading to v7.0, you will need to delete the custom CSS code and start ...
    • SAML SP - Sync Directory Password

      Login script to prompt for directory password Since the user does not login into Unified Workspace with a password, we cannot capture the password to use in the @@password@@ variable.  If you would like to use the Active Directory password for other ...
    • MySQL 8 SSL

      Issue Admin is making a database connection to a MySQL 8 database.  When clicking the Ping button on the DB Connection object, the following error is presented: WARN: Establishing SSL connection without server's identity verification is not ...
    • 7.0 excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file

      excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file The following configuration is recommended for systems running 7.0.0.63, and higher. (For older 6.5 releases of UW, please see this article.) ...