Seon Core - Regenerate certificate request
When a certificate is expiring or has expired, you need to request a new certificate from your CA. The easiest way to do this is Seon's built-in capability to regenerate a certificate signing request (CSR) from an existing certificate.
Seon's process for regenerating a certificate request uses the same private key and the same certificate subject in order to make the migration from the old (expiring) to the new certificate as easy as possible.
Requirements
The following requirements must be met before the process described here will work:
- You already have a certificate and private key combination uploaded to the "CSR" management panel, that is, you have a green line indicating that such an entry exists.
- Your webserver (PHP) is able to communicate with the internet via HTTPS
  - either directly
  - or via a configured HTTP proxy
If no communication is possible, you can download the CSR manually and send it to us by email at support@seon.de, but direct communication is the most common way.
Find certificate
To regenerate a certificate signing request, open the administrative web interface and go to the menu entry "Certificates" -> "Cert.request". In the new panel, find the certificate you want to use for regeneration and click on the "gear" icon (labeled "Use certificate of CSR ..."):
Issue new CSR
In the new window, click on the button "Regenerate new certificate request based in this certificate". This process uses the same private key to issue a new signing request for the certificate. All textual information (such as C, CN, OU etc.) is extracted from the original certificate.
If the original certificate was issued by the c-works OFTP2 CA, your request is sent online to the CA and no further interaction is needed.
If the original certificate was not issued by the c-works OFTP2 CA, you have to download the CSR with the "Save" icon.
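For a CSR downloaded with the "Save" icon, the properties described above (same key and same subject as the original certificate) can be confirmed with openssl before the request goes to the CA. This is an added example, not part of Seon or of the original page; the file names, the subject and the demo key material are constructed, and the `openssl x509 -x509toreq` call only stands in for Seon's regeneration step.

```shell
#!/bin/sh
# Added example (not Seon code): confirm that a regenerated CSR still belongs
# to the existing certificate before it is sent to a CA.

# SHA-256 over the PEM public key of a certificate ($1=x509) or CSR ($1=req)
pubkey_fp() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Subject DN of a certificate or CSR in RFC 2253 form, without the "subject=" label
subject_of() {
    openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 2>/dev/null | sed 's/^subject= *//'
}

# Returns 0 only if the CSR has the certificate's public key and subject
# and its self-signature verifies (proof that the private key signed it)
csr_matches_cert() {   # $1 = certificate (PEM), $2 = CSR (PEM)
    ck=$(pubkey_fp x509 "$1") || return 1
    rk=$(pubkey_fp req "$2") || return 1
    [ "$ck" = "$rk" ] || { echo "public key differs" >&2; return 1; }
    cs=$(subject_of x509 "$1"); rs=$(subject_of req "$2")
    [ -n "$cs" ] && [ "$cs" = "$rs" ] || { echo "subject differs" >&2; return 1; }
    # Match the message text: older openssl exits 0 even when verification fails
    openssl req -in "$2" -noout -verify 2>&1 | grep -q "verify OK" ||
        { echo "CSR signature invalid" >&2; return 1; }
}

# Constructed demo material: throwaway key, self-signed "old" certificate, a CSR
# regenerated from it with the same key, and a CSR with the same subject but another key
make_demo() {   # $1 = working directory
    subj="/C=DE/O=Example/CN=oftp2.example.test"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$subj" \
        -keyout "$1/key.pem" -out "$1/old.pem" 2>/dev/null
    openssl x509 -x509toreq -in "$1/old.pem" -signkey "$1/key.pem" -out "$1/regen.csr" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
        -keyout "$1/other.key" -out "$1/other.csr" 2>/dev/null
}

d=$(mktemp -d) && make_demo "$d"
csr_matches_cert "$d/old.pem" "$d/regen.csr" && echo "regenerated CSR matches the certificate"
csr_matches_cert "$d/old.pem" "$d/other.csr" || echo "CSR with a different key rejected"
```

With real files, call `csr_matches_cert` with the exported old certificate and the downloaded CSR; a "public key differs" result means the request was not built from the key that belongs to that certificate.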
Receiving certificate
You will receive your certificate by email, sent to the address given in the request field "eMail address". The certificate file is included as an attachment. Upload the certificate file in the CSR panel via the "Upload certificate" button:
Your line of the corresponding certificate request will instantly turn green:
Use the certificate
Once the line is green, you can use the issued certificate (in combination with your private key) for any security operation in OFTP2. To simplify the configuration, click on the 5th icon on the left, labeled "Use certificate...". A new panel opens:
If your configured OFTP2 TLS server certificate is writable by the webserver, you can easily write a new version of that file. A backup of the old file will be made if possible (give the webserver write permission on the directory that holds the configured certificate file). Afterwards, restart your Seon daemons to activate the new certificate (active transfers are not affected).
If you have OFTP2 security enabled (secure authentication, file encryption, file signing or signed EERPs) for all, some or even one partner, you can use the buttons and comboboxes below to activate this certificate as an instant or future replacement of your current configuration. The certificate is then saved in the partner's configuration and the partner is informed of this change through the Odette OFTP2 certificate exchange mechanism. You can use the button "Inform all relevant OFTP2 partners (with OFTP2 security options enabled)" to inform them about your new certificate. This process sends the new certificate to the partner via OFTP2 as a future replacement. The partner must support the Odette certificate exchange mechanism.