Netbotz Generate New Self-Signed Certificate

DCIM_Support · ‎2020-07-04

Is there a way to generate a new self-signed certificate for our Netbotz 450 appliances. They are running v 4.6.2 firmware. The current certificate for the Netbotz listed in our DCE has expired. Thanks.

DCIM_Support · ‎2020-07-04

Dear Sean Riley,

First, you need to make sure that your NetBotz-450 uses a valid self-signed certificate for communication over the HTTPS protocol.

If this is the case, you simply need to open the NetBotz-450 web-GUI in any browser and export the self-signed certificate to a plain text file in a standard way. Then you can import this self-signed certificate from a plain text file into the DCE-server in the standard way.
If this is not the case, i.e. NetBotz-450 has invalid self-signed certificate, then you can try to just reboot it. During the initial boot NetBotz-450 will determine its own invalid self-signed certificate and perform its automatic regeneration by default. The same process occurs when you disable the HTTPS port and re-enable it in the APC Advanced View Web Server Configuration settings.

Try and tell please the result.

With respect.

See Answer In Context

DCIM_Support · ‎2020-07-04

Dear Sean Riley,

First, you need to make sure that your NetBotz-450 uses a valid self-signed certificate for communication over the HTTPS protocol.

If this is the case, you simply need to open the NetBotz-450 web-GUI in any browser and export the self-signed certificate to a plain text file in a standard way. Then you can import this self-signed certificate from a plain text file into the DCE-server in the standard way.
If this is not the case, i.e. NetBotz-450 has invalid self-signed certificate, then you can try to just reboot it. During the initial boot NetBotz-450 will determine its own invalid self-signed certificate and perform its automatic regeneration by default. The same process occurs when you disable the HTTPS port and re-enable it in the APC Advanced View Web Server Configuration settings.

Try and tell please the result.

With respect.

DCIM_Support · ‎2020-07-04

Additionally if you have a valid self signed cert but simply want a new one, go to configuration–>network settings. Change the hostname and reboot. A new cert will be created. You can then change the hostname back again (and get another new cert).

Steve

DCIM_Support · ‎2020-07-04

Thanks for the information. Much more helpful than what I found in my searching.

Does the self signed certificate need to be expired before it will perform the automatic regeneration of the self-signed cert? Or will it regenerate if say there is a month left on the cert?

Thanks.

DCIM_Support · ‎2020-07-04

Hi Sean, Simply changing the hostname or even the NetBotz time will regenerate a cert. This will happen regardless of the cert's current status / validity.

DCIM_Support · ‎2020-07-04

Dear Sean Riley,

Does the self signed certificate need to be expired before it will perform the automatic regeneration of the self-signed cert? Or will it regenerate if say there is a month left on the cert?

The self-signed certificate for NetBotz-4.x appliance is created for five years, and so far I can not say anything on this issue...

With respect.

DCIM_Support · ‎2020-07-04

Tried changing the time, but the cert is still the same. Rebooted as well after changing the time. I was avoiding changing the host name as I was not sure if DCE would like that.

DCIM_Support · ‎2020-07-04

Maybe time zone, I can test but don’t recall. Again, change the hostname and upon reboot, change it back. DCE should have no issue and you can also take it offline to do so.

Steve.

DCIM_Support · ‎2020-07-04

Tried changing the time, but the cert is still the same. Rebooted as well after changing the time...

So it should be, because changing time is a bad idea... It seems to me, that if you can reboot the NetBotz-450, then you can perform the self-signed certificate regeneration as it is written above in the answer.

With respect.

DCIM_Support · ‎2020-07-04

My Netbotz self-signed certs expire next month. So they are still valid. I was trying to be proactive in getting them updated, rather than waiting for them to expire. I wish there was more detail on installing our own trusted certs from our MS CA, but reading through the documentation I could find, made it seem quite cumbersome.

DCIM_Support · ‎2020-07-04

Dear Sean Riley,

...I wish there was more detail on installing our own trusted certs from our MS CA, but reading through the documentation I could find, made it seem quite cumbersome.

But if everything is done correctly according to the documentation, then you will get an excellent result 😀.

To help you, I recommend you read the instruction Creating a Certificate Signing Request (CSR) for NetBotz-4.x appliances.
In addition, a small utility APC Network Management Card Security Wizard v1.0.4 can be very useful.
And in addition to this topic, there are two small documents Security Handbook for APC Network Management Cards AOS v5.x.x and Security Handbook Network Enabled Devices AOS V.6.5.X that will help you avoid mistakes and inaccuracies.

I hope this helps you.

With respect.

DCIM_Support · ‎2020-07-04

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.