Netbotz Generate New Self-Signed Certificate

This comment was originally posted on DCIM Support by Steven Marchetti on 2018-06-20

Additionally if you have a valid self signed cert but simply want  a new one, go to configuration–>network settings. Change the hostname and reboot. A new cert will be created. You can then change the hostname back again (and get another new cert).

Steve

(CID:132654985)

This comment was originally posted on DCIM Support by Sean Riley on 2018-06-20

Thanks for the information.  Much more helpful than what I found in my searching. 

Does the self signed certificate need to be expired before it will perform the automatic regeneration of the self-signed cert?  Or will it regenerate if say there is a month left on the cert?

Thanks.

(CID:132659452)

This comment was originally posted on DCIM Support by Steven Marchetti on 2018-06-20

Hi Sean, Simply changing the hostname or even the NetBotz time will regenerate a cert. This will happen regardless of the cert's current status / validity.

(CID:132654992)

This comment was originally posted on DCIM Support by spezialist on 2018-06-20

Dear Sean Riley,

Does the self signed certificate need to be expired before it will perform the automatic regeneration of the self-signed cert?  Or will it regenerate if say there is a month left on the cert?

The self-signed certificate for NetBotz-4.x appliance is created for five years, and so far I can not say anything on this issue...

With respect.

(CID:132659450)

This comment was originally posted on DCIM Support by Sean Riley on 2018-06-20

Tried changing the time, but the cert is still the same.  Rebooted as well after changing the time.  I was avoiding changing the host name as I was not sure if DCE would like that.

(CID:132655038)

This comment was originally posted on DCIM Support by Steven Marchetti on 2018-06-20

Maybe time zone, I can test but don’t recall. Again, change the hostname and upon reboot, change it back. DCE should have no issue and you can also take it offline to do so. 

Steve. 

(CID:132655048)

This comment was originally posted on DCIM Support by spezialist on 2018-06-20

Tried changing the time, but the cert is still the same.  Rebooted as well after changing the time...

So it should be, because changing time is a bad idea... It seems to me, that if you can reboot the NetBotz-450, then you can perform the self-signed certificate regeneration as it is written above in the answer.

With respect.

(CID:132655058)

This comment was originally posted on DCIM Support by Sean Riley on 2018-06-20

My Netbotz self-signed certs expire next month.  So they are still valid.  I was trying to be proactive in getting them updated, rather than waiting for them to expire.  I wish there was more detail on installing our own trusted certs from our MS CA, but reading through the documentation I could find, made it seem quite cumbersome.

(CID:132655106)

This comment was originally posted on DCIM Support by spezialist on 2018-06-21

Dear Sean Riley,

...I wish there was more detail on installing our own trusted certs from our MS CA, but reading through the documentation I could find, made it seem quite cumbersome.

But if everything is done correctly according to the documentation, then you will get an excellent result 😀.

• To help you, I recommend you read the instruction Creating a Certificate Signing Request (CSR) for NetBotz-4.x appliances.
• In addition, a small utility APC Network Management Card Security Wizard v1.0.4 can be very useful.
• 
• 
• And in addition to this topic, there are two small documents Security Handbook for APC Network Management Cards AOS v5.x.x and Security Handbook Network Enabled Devices AOS V.6.5.X that will help you avoid mistakes and inaccuracies.

I hope this helps you.

With respect.

(CID:132655392)