Installing a New Self-Signed Certificate

Use this procedure to replace the current KeyControl certificate with a new self-signed certificate generated by the Public certificate authority that is included with KeyControl.

Note: If you want to install an externally-signed SSL certificate from a Base64-encoded pem format file, see Installing a New External Certificate.

1. Log into the KeyControl webGUI using an account with Domain Admin privileges.
2. In the top menu bar, click Cluster.

3. Click the Servers tab and select a KeyControl node.

   Note: You can use a different certificate on each KeyControl node. In this case, however, HyTrust recommends that all of the certificates be signed by the same Certificate Authority.

4. Select Actions > Use Self-Signed Certificate.

5. Click Proceed at the prompt.

   KeyControl restarts the web server which may interrupt the browser connection to the webGUI. When the restart is finished you are returned to the webGUI login page.

   Tip: If you are using IE, you may receive an alert stating that revocation information for the certificate is not available. Click Yes to acknowledge the alert and restart the web service. If you are using Chrome and you receive a series of connection errors when the web service restarts, open the webGUI login page in a new tab.

6. If you want to verify that the new certificate was properly installed, select Actions > View Current Certificate.