Start a new topic
Answered

Certificate Selection via CLI

Before I start tinkering...is there a supported method for changing the selected cert for both Royal Server and the Secure Gateway via CLI? Or for simply updating which cert RS uses without manual intervention?  If not, it looks like I could potentially achieve this using PowerShell by updating the thumbprint listed in the appsettings.json file and then restarting the service.  Is that accurate?

Use case: I use LE certs for anything Internet facing on my network and it's really annoying to have to set a reminder to change the cert.

Best Answer

There is no dedicated CLI command to do this, but you can easily achieve it by simply assigning the certificates' thumbprints in appsettings.json.


  • For the Management Module update the key `CertThumbPrint`
  • For Secure Gateway update the key `GatewayFingerprint` in the section `SecureGateway`.
    Note, that the Secure Gateway component requires the certificate key to be marked exportable as it is used to prove ownership of the corresponding private key to the client in order to verify the identity of the server.


I hope this helps,

Hans


Answer

There is no dedicated CLI command to do this, but you can easily achieve it by simply assigning the certificates' thumbprints in appsettings.json.


  • For the Management Module update the key `CertThumbPrint`
  • For Secure Gateway update the key `GatewayFingerprint` in the section `SecureGateway`.
    Note, that the Secure Gateway component requires the certificate key to be marked exportable as it is used to prove ownership of the corresponding private key to the client in order to verify the identity of the server.


I hope this helps,

Hans


1 person likes this

Thank you Hans!


This also explains another issue that I was having with the Secure Gateway module and certs.

Login or Signup to post a comment