Issue
SSL Certificate is expiring/expired on customer's Unified Workspace (formerly webNetwork) server(s).
Solution
Lenovo Software Support can assist you with renewing the SSL Certificate on your UW servers. The only downtime required will be a restart of UW, on your servers, once the process has been fully completed. Once the SSL Certificate has been updated in the keystore, the restart can be scheduled for a future time.
Send a copy of the /stoneware/config/<keystore>* file, along with a copy of the /stoneware/config/stonewareloader.xml file, to Stoneware**.
* To find the exact filename for your keystore, look at your relay objects in the webAdmin dashboard and check the CERTIFICATE SOURCE field.
** If your system has multiple relay servers, we only need copies of the files from one of the relay servers.
We will create a new CSR and send that back to you.
You take the CSR and submit it to your CA company. If they ask what type choose Java, Tomcat (this really won't matter too much as it's just to tailor the install instructions to the web server type).
Send us the cert that the CA company sends back to you.
We will create your updated keystore and send it back to you in a .zip.
Upon receipt of the zip file, the customer should extract the .keystore file. The keystore will go into the /stoneware/config directory.
Use the 8090 management console to shut down webNetwork cleanly. Then start webNetwork back up. Do this on all stoneware servers. It is best to shut down and try the new keystore on one server prior to copying it to all other servers.
*** For security, please ZIP the files and upload them to our SSL encrypted server (please notify us if using this server, so that we can retrieve the uploaded files):
You may also encrypt the passwords, through our
Customer Portal, to add additional security to your upload:
Click on the Encrypt Data tile, located under the Customer menu.
****If you already have a new certificate installed on other servers, please let us know, as we should be able to take an exported keystore from one of those servers and convert it to a new Java keystore for webNetwork.
If your certificate is installed in IIS, and you would like to convert an exported PFX Certificate yourself, you can follow these steps:
If you do not wish to convert the exported PFX Certificate yourself, you can provide a copy of the exported PFX Certificate (along with the password for it) with the files listed above. We can then convert the exported PFX Certificate into a Java keystore for you.