Installing a New Self-Signed Certificate

Use this procedure to replace the current KeyControl Vault certificate configured on internal or external web server with a new self-signed certificate generated by the certificate authority that is included with KeyControl Vault.

Note: If you want to install an externally-signed SSL certificate from a Base64-encoded pem format file, see Installing a New External Certificate.

1. Log into the KeyControl webGUI using an account with Domain Admin privileges.
2. In the top menu bar, click Cluster.

3. Click the Servers tab and select a KeyControl Vault node.

   Note: You can use a different certificate on each KeyControl Vault node. In this case, however, Entrust recommends that all of the certificates be signed by the same Certificate Authority.

4. Select Actions > Use Self-Signed Certificate.
5. Select the web server on which the self-signed certificate is to be installed.

6. Click Proceed at the prompt.

   If you select the external web server, KeyControl restarts the web server. This may interrupt the browser connection to the webGUI. When the restart is finished, you are returned to the webGUI login page.

   Tip: If you are using IE, you may receive an alert stating that revocation information for the certificate is not available. Click Yes to acknowledge the alert and restart the web service. If you are using Chrome and you receive a series of connection errors when the web service restarts, open the webGUI login page in a new tab.

7. If you want to verify that the new certificate was properly installed, select the node and click the link next to Internal/External web server.