Backup and Restore or Transfer SSL Root Certificates and Server List from Device Administrator

Warning

Potential for Data Loss: The steps detailed in the resolution of this article may result in a loss of critical data if not performed properly. Before beginning these steps, make sure all important data is backed up in the event of data loss. If you are unsure or unfamiliar with any complex steps detailed in this article, please contact Product Support for assistance.

Issue

Unique SSL Root Certificate is self-generated using Device Administrator and it needs to be backed up, restored or transferred to another machine

Product Line

EcoStruxure Building Operation

Environment

• Building Operation Device Administrator
• Building Operation Automation Server

Cause

Without a self-generated SSL Root Certificate installed on Windows OS that is running Device Administrator, Automation Servers with certificates installed will not be trusted. Use cases involve the transfer of data from one installation of Device Administrator to another and are not limited to:

• Transfer from a laptop used during startup to another laptop
• Transfer from a laptop used during startup to Enterprise Server machine

Resolution

Before starting ensure the following:

1. Automation Servers will not be connected via browser for Webstation where a trusted certificate authority should be used to generate the certificates.
2. Device Administrator has SSL Root Certificate installed and Automation Server is successfully communicating via HTTPS per Device Administrator Certificate Workflow 

Backup data from Device Administrator to be transferred or restored using the following process:

1. Backup Existing DA by exporting the SSL Root Certificate
   1. Click SSL Root Certificate
   2. Check Include Private Key
   3. Select the Destination Folder and ZIP filename
   4. Provide a password for the Export File
   5. Confirm the password
   6. Click Export button and verify Root CA Certificate has been exported to the destination folder 
2. Backup Existing DA Server List
   1. Click Save  current server list or Save as new server list button
   2. Default location: C:\ProgramData\Schneider Electric EcoStruxure\Building Operation [n.n]\Device Administrator
   3. Default Filename: Servers.xml 
3. Export Server list
   1. Click Export Server List button
   2. Provide a password and confirm password
   3. Click OK button 

Restore data to the Device Administrator using the following process:

1. Import SSL Root Certificate
   
   1. Click SSL Root Certificate
   2. Click Import Certificate
   3. Check import encrypted Archive
   4. Select file
   5. Enter password 
2. Click Install to Windows Certificate Store to add to Windows for Enterprise Server or Device Administrator to be able to trust certificates. Install into Windows Certificate Store
3. Restore the server list to replace the default list.
   1. Click Import server list
   2. Navigate to and select the file, then click Open
   3. Enter file password, then click OK
   4. Provide the default location in the address bar (see Default Location above), select Servers.xml, and click Save
   5. Click YES to replace the existing file
   6. Click YES to overwrite the existing file
   7. When server list import is complete, click OK