This is a how-to for Manually renew the NovaStor DC Command Server SSL certificate, which is installed on the Command Server 8.2.13 and newer versions, for Windows, utilized by both the Web UI (DC Web Console) and the Java GUI (DC Management Console), and to communicate to the client nodes. The matching video edition of this tutorial is here. This guide covers only 8.2.13 and newer versions, we have other guides that are linked later in this sentence, that apply to the older versions such as 8.0.x, and 8.1.x, where those alternate instructions differ slightly; so be sure to pick the correct guide that applies to your version. You can confirm your version of DataCenter by viewing the properties of the file '%ProgramFiles%\NovaStor\DataCenter\gui-client\DataCenter-GUI.exe' on the Command Server system, like this example shows:
The SSL certificate that is stored on the Command Server machine is generated with a validity length of 5 years for version 8.2.13 and newer versions; (in version 8.1.x this was increased to a 1 year validity length, and in 8.0.x it only had a 90 days validity length). If you were to perform a fresh / clean install (a non-upgrade install) of Command Server 8.2.13 on February 23, 2021, then the new SSL certificate on the Command Server will be valid until February 22, 2026, and in that case it will be in the expired state on February 23, 2026, and will require a manual renewal of the certificate, which this guide covers. If you were to perform an upgrade install (a non-clean / fresh install) of an existing Command Server 8.2.7 or older version to upgrade that to Command Server 8.2.13 on February 23, 2021, then the new SSL certificate on the Command Server will be valid until February 22, 2026, and in that case it will be in the expired state on February 23, 2026, and will require a manual renewal of the certificate, which this guide covers. Conversely to the above cases, if you were to perform an upgrade install (a non-clean / fresh install) of an existing Command Server 8.2.8 or newer version, then the existing SSL certificate will NOT BE RENEWED or touched in that case. If the SSL certificate has expired (beyond the valid to date) it will just require you to ignore an extra invalid cert warning due to the cert being expired, when accessing the Web UI via certain web browsers (Firefox in this example), and it will deny you from being able to login to the Java GUI (DC Management Console) app if that Java GUI app is installed on a separate machine from the Command Server machine. The SSL certificate renewal process is currently a manual process that you will need to perform from your Command Server machine directly.
Steps for Windows based Command Server 8.2.13 and newer versions:
- Login to the Command Server computer and start an Admin Command Prompt on it.
- Type: cd %ProgramFiles%\NovaStor\DataCenter\etc\central_scripts\
- Note: If you did not install the Command Server in the default Program Files folder,
- Type: renew_cert.bat
- Make sure that the last output of the command is displayed as: "Certificate was added to keystore".
- Via the Command Server system, in Windows Services (services.msc) restart all of the DataCenter services on the Command Server system. If this is not done the cert will not actually be loaded in to memory on the Command Server system as to utilize it.
- Via the Command Server system, refresh the Windows Services (services.msc) listing and verify that all DataCenter services on the Command Server system are in the Running state. If any are not then start that service and confirm that they all show running for the status.
- Via the Command Server system, login to the Web UI (DC Web Console) and the Java GUI (DC Management Console). You should be able to login successfully now. If using the Web UI in your web browser you can inspect the SSL certificate once the website loads, to confirm the cert's valid from and valid to dates, in the web browser, to confirm that the SSL cert expires in 5 years from now. If the web browser still shows the old certificate details with incorrect valid from and valid to dates, confirm that you did not have an issue in Step 4 and 5, and that you performed Steps 6-7.
- Clear all of your web browser's cache/cookies that access the Command Server's WebGUI website. Now attempt to access the Web UI (DC Web Console) website from those web browsers once more to verify the SSL certificate's validity dates. The new SSL certificate validity should provide you with 5 years of additional validity from now, if you view the primary SSL certificate file, which is the only .cer file in the '%ProgramFiles%\NovaStor\DataCenter\etc\' folder. To confirm that just double click on the only .cer file in that folder, and it will display the validity of the cert for you to confirm the validity / expiration date.
NOTE: If the Java GUI (DC Management Console) application is also installed on any additional separate systems other than the Command Server system, or any system that is not the Command Server system, and you are having trouble logging in to the Java GUI (DC Management Console), then it is likely that either the version of the GUI does not match the Command Server version and now needs to be upgraded to match the Command Server, or the SSL certificate on the Command Server has expired, or the computer's clock is not set correctly and inaccurate that you are attempting to utilize the app from. If you see any of these warnings or errors it means the SSL cert is likely to have expired and will need to be manually renewed using this guide:
After loading the Java GUI (DC Management Console) and just after attempting to click on the "Login" button a red error box is displayed, with no error text inside it, like in this example, then proceed to the next screenshot:
If the red error box with no text in it is displayed, just click the "Login" button again to see the full error, which may mention "The server's SSL certificate may not be available in the local certificate store":
If the Web UI (DC Web Console) displays a warning in your web browser like this, whereby it says the Command Server website is misconfigured or your computer is set to the wrong time, this likely means that the SSL certificate has expired on the Command Server, and will need to be manually renewed using the steps in this guide:
Once the SSL certificate is manually renewed and the Command Server's services have been restarted, then you can retry Steps 8-9 in this guide.