XDP: how to replace a SSL certificate for XDP

XDP: how to replace a SSL certificate for XDP

Steps to replace a SSL cert for XDP are:
FUP dup the TRUSTSAV file to another file (call it TRUSTTMP) on the XYGATEDP subvolume.
  1. Follow the instructions in the XYGATE Data Protection manual to copy the new SSL certificates into the TRUSTTMP file  ?Refer to the section ?SSL Certificates Overview? in the Voltage SecureData Administrator Guide for more information about SSL certificates.
  2. Verify that the new certificate is valid by running the CURL program as shown below in ?curl sample A? after changing the highlighted host name. Fix any problems. CURL can be obtained from the ITUGLIB
  3. When it is time to switch over to the new cert ? rename the old TRUSTSTR file out of the way and rename the TRUSTTMP file to be TRUSTSTR.
  4. Go into the XDP pathway system and freeze server *,wait; stop server *;thaw server *;start server *
  5. Allow 60 seconds for the encryption servers to initialize themselves.
  6. Perform a test encryption to ensure that the new certificates are working.
  7. If encryption fail with an error 362/voltage error 20040 - run curl using the syntax below in ?curl sample B? after changing the highlighted host name to figure out why the problem is occurring and then begin again at step 1 with corrected SSL cert information.
 
Curl Sample A:
 
run curl -I -v -S --cacert trusttmp --ssl --ssl-reqd -X GET https://voltage-pp-0000.<<host name>>/policy/clientPolicy.xml
 
Curl Sample B:
 
run curl -I -v -S --cacert truststr --ssl --ssl-reqd -X GET https://voltage-pp-0000.<<host name>>/policy/clientPolicy.xml


If this article did not provide a solution, please open a case with our support team by sending an email message to support@xypro.com.