https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/378917#M9609 Hello,<BR /><BR />Actually, no, that's not enough.<BR />You need to ensure the certificate chain is replaced/updated on the web server (if you have set up the certificate chain file), and you need to re-import in order every certificate from the chain in every machine where the privatejre from SAS is installed (servers and clients).<BR /><BR /><BR /> Tue, 25 Jul 2017 10:21:39 GMT JuanS_OCS 2017-07-25T10:21:39Z https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/378915#M9608 <P>Hi team,</P><P>&nbsp;</P><P>Due to an update in Chrome, we had to regenerate one of our SAS web server certificate files.</P><P>&nbsp;</P><P>Since the corporate CA certificate nor the server private key changed, am I correct by saying that I can only replace the .crt file in&nbsp;&lt;config_dir&gt;/Lev1/Web/WebServer/ssl and restart the mid tier ?</P><P>&nbsp;</P><P>Thanks,</P><P>&nbsp;</P> Tue, 25 Jul 2017 10:01:36 GMT https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/378915#M9608 nhvdwalt 2017-07-25T10:01:36Z https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/378917#M9609 Hello,<BR /><BR />Actually, no, that's not enough.<BR />You need to ensure the certificate chain is replaced/updated on the web server (if you have set up the certificate chain file), and you need to re-import in order every certificate from the chain in every machine where the privatejre from SAS is installed (servers and clients).<BR /><BR /><BR /> Tue, 25 Jul 2017 10:21:39 GMT https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/378917#M9609 JuanS_OCS 2017-07-25T10:21:39Z https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/378919#M9610 <P>Thanks&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/35204">@JuanS_OCS</a></P><P>&nbsp;</P><P>Please bear with me, I'm on crypto 101 here.....</P><P>&nbsp;</P><P>If the none of the CA details have changed, why would that affect the chain ?</P> Tue, 25 Jul 2017 10:42:29 GMT https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/378919#M9610 nhvdwalt 2017-07-25T10:42:29Z https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/378920#M9611 Good question.<BR /><BR />Actually, one detail changes right? Expiration date or whatsoever. The thing is that you need to change the CA with some (minor) detail changes what I expect will change, in the end, the pem certificate content. If client-server certificate has any difference, ssl won't validate the connection.<BR /><BR />So, what you can do once you regenerate the new ca, is to compare contents of the file. If they are the same, you won't need to ensure anything , but if a single character changes, I would refer you to my previous advise.<BR /> Tue, 25 Jul 2017 10:50:39 GMT https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/378920#M9611 JuanS_OCS 2017-07-25T10:50:39Z https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/378938#M9612 <P>Thanks&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/35204">@JuanS_OCS</a>, makes sense. We'll probably only do this on Thu, but I will report back.</P><P>&nbsp;</P><P>Thanks for the help.</P> Tue, 25 Jul 2017 12:17:06 GMT https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/378938#M9612 nhvdwalt 2017-07-25T12:17:06Z https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/383533#M9649 <P>Ok, so I made the change yesterday. I only replaced the server's certificate, since that is the only component that changed. No CA changes were made. The change was succesful and the mid-tier came up ok.</P><P>&nbsp;</P><P>Both IE and Chrome are now connecting ok.</P><P>&nbsp;</P><P>Thanks for all the inputs&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/35204">@JuanS_OCS</a></P> Fri, 28 Jul 2017 01:32:05 GMT https://communities.sas.com/t5/Administration-and-Deployment/Renew-TLS-server-certificate-for-webserver/m-p/383533#M9649 nhvdwalt 2017-07-28T01:32:05Z