How to replace the ESM Certificate

Document ID : KB000009784
Last Modified Date : 14/02/2018
Introduction:

In some scenarios the ESM certificate will need to be replaced, for example because the old certificate is expiring or an updated certificate has been issued. When the ESM certificate has to be replaced, a few steps must be taken to ensure trust is still established between the ESM and the Gateway.

Instructions:

1) Log into the ESM Management Console 

2) Click on the Settings tab -> System Settings sub tab 

3) Click on the System Information section and under SSL Certificate click 'Change'

4) Upload SSL certificate key store

5) Log into the ESM via command line and, using the ssgconfig user, select option 7) Display Enterprise Service Manager configuration menu ->

a) select option 2) Disable the Enterprise Service Manager -> Stop ESM, say yes

b) select option 2) Enable the Enterprise Service Manager (Start the ESM) 

6) Log into the ESM Management Console -> Click on the Settings tab -> System Settings sub tab, then highlight the SSL Certificate thumbprint and copy it to the clipboard

7) Log into the gateway that will be managed via command line - 

a) Delete the OLD certificate - 5) Display Remote Management configuration menu > 4) Delete Trusted Certificate > Enter "Yes" to confirm 

b) Add the NEW Certificate - 4) New Trusted Certificate > ESM Certificate > Copy in the thumbprint taken earlier > Trust Certificate for Remote Node Management > Enter "S" to save changes

c) If you have the root password, select option 3) Use a privileged shell (root) and from the command line type the command: service ssg restart

or, without the root password, reboot the appliance - R) Reboot the SSG appliance (apply the new configuration) > Enter "Y" to confirm

8) Log into the Policy Manager of the gateway - Tasks > Manage ESM User Mappings > Select the ESM ID under Trusted Enterprise Service Managers > Click on Remove Registration > Click "OK" to confirm Remove ESM Registration and Delete User Mappings

9) Log into the ESM Management Console > Establish Trust Relationship with Gateway

10) Re-map all user accounts to the gateway

11) Repeat steps 7 to 9 for each gateway that is managed by ESM 
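
The thumbprint copied in step 6 is what each gateway will trust in step 7b, so it is worth checking it against the certificate that was uploaded in step 4 before pasting it. The following is an added example, not part of the original article or the product: it assumes the certificate has been exported to PEM and that the console shows a SHA-1 or SHA-256 hex digest of the DER-encoded certificate (the article does not state which). The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import re
import ssl

# Hex length -> digest. The article does not say which digest the console
# displays, so the length of the pasted value selects it (assumption).
ALG_BY_HEX_LEN = {40: "sha1", 64: "sha256"}

# Constructed stand-in bytes, not a real certificate: a thumbprint is a hash
# over the DER bytes, so any byte string exercises the comparison.
SAMPLE_DER = b"constructed stand-in for DER-encoded certificate bytes"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def normalize_thumbprint(text):
    """Drop whitespace, colons and dashes picked up when copying from a UI."""
    cleaned = re.sub(r"[\s:\-]", "", text).lower()
    if len(cleaned) not in ALG_BY_HEX_LEN or not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("expected a SHA-1 or SHA-256 hex thumbprint")
    return cleaned


def cert_thumbprint(pem, alg):
    """Hex digest of the DER form of a single PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip() + "\n")
    return hashlib.new(alg, der).hexdigest()


def thumbprint_matches(pem, pasted):
    """True only if the pasted value equals the certificate's own digest."""
    want = normalize_thumbprint(pasted)
    got = cert_thumbprint(pem, ALG_BY_HEX_LEN[len(want)])
    return hmac.compare_digest(got, want)


if __name__ == "__main__":
    shown = cert_thumbprint(SAMPLE_PEM, "sha1").upper()
    pasted = ":".join(shown[i:i + 2] for i in range(0, len(shown), 2))
    print("match" if thumbprint_matches(SAMPLE_PEM, pasted) else "MISMATCH")
```

A mismatch means the value on the clipboard does not belong to the certificate that was uploaded, and it should not be entered on any gateway until the difference is explained.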

Additional Information:

Restarts of the appliance and the ESM are necessary for completion.