This is a how-to for Manually renew the NovaStor DC Command Server SSL certificate, which is installed on the Command Server 8.1.x versions for Windows, utilized by both the Web UI (DC Web Console) and the Java GUI (DC Management Console), and to communicate to the client nodes. This guide covers only 8.1.x versions, we have other guides that apply to older versions such as 8.0.x, and newer versions such as 8.2.13 and newer, where those alternate instructions differ slightly. You can confirm your version of DataCenter by viewing the properties of the file '%ProgramFiles%\NovaStor\DataCenter\gui-client\DataCenter-GUI.exe' on the Command Server system, like this example shows:
The SSL certificate that is stored on the Command Server 8.1.x machine is generated with a validity length of 1 year for version 8.1.x; in version 8.0.x there was a 90 days validity length, and in 8.2.13 and newer it was changed to increase to a 5 year validity length. If you were to install the Command Server 8.1.x on June 1, 2020, then it will be valid until May 30, 2021, and beyond that date then it will be in the expired state, and will require renewal. If the certificate validity is expired it will just require you to ignore an extra invalid cert warning due to the cert being expired, when accessing the Web UI via certain web browsers (Firefox in this example), and it will deny you from being able to login to the Java GUI (DC Management Console) app if that Java GUI app is installed on a separate machine from the Command Server machine. The SSL certificate renewal process is currently a manual process that you will need to perform from your Command Server machine directly.
Steps for Windows based Command Server 8.1.x (not including 8.0.x and 8.2.x or newer versions, we have other guides that apply to those versions where the instructions differ slightly):
- Login to the Command Server computer and start an Admin Command Prompt on it.
- Type: cd %ProgramFiles%\NovaStor\DataCenter\etc\central_scripts\
- Note: If you did not install the Command Server in the default Program Files folder,
- Type: renew_cert.bat
- Make sure that the last output of the command is displayed as: "Certificate was added to keystore".
- Via the Command Server system, restart all of the DataCenter services on the Command Server system. If this is not done the cert will not actually be loaded in to memory on the Command Server system as to utilize it.
- Via the Command Server system, confirm that all DataCenter services on the Command Server system are in the Running state. If any are not then start that service and confirm that they all show running for the status.
- Via the Command Server system, login to the Web UI (DC Web Console) and the Java GUI (DC Management Console). You should be able to login successfully now.
- Now clear all of the web browser's cache/cookies that access the Command Server's WebGUI website. Attempt to access the WebGUI URL from those web browsers once more to verify the SSL certificate's validity dates. The new SSL certificate validity should provide you with 90 days of additional validity from today's date, if you view the primary SSL certificate file, which is the only .cer file in the '%ProgramFiles%\NovaStor\DataCenter\etc\' folder. To confirm that just double click on the only .cer file in that folder, and it will display the validity of the cert for you to confirm the validity / expiration date.
NOTE: If the Java GUI (DC Management Console) application is also installed on any additional separate systems other than the Command Server system, such as a Windows 10 workstation system, or any system that is not the Command Server system, and you are having trouble logging in to the Java GUI (DC Management Console), then it is likely that either the version of the GUI does not match the Command Server version and now needs to be upgraded to match the Command Server, or the SSL certificate on the Command Server has expired, or the computer's clock is not set correctly and inaccurate that you are attempting to utilize the app from. If you see any of these warnings or errors it means the SSL cert is likely to have expired and will need to be manually renewed using this guide:
After loading the Java GUI (DC Management Console) and just after attempting to click on the "Login" button a red error box is displayed, with no error text inside it, like in this example, then proceed to the next screenshot:
If the red error box with no text in it is displayed, just click the "Login" button again to see the full error, which may mention "The server's SSL certificate may not be available in the local certificate store":
If the Web UI (DC Web Console) displays a warning in your web browser like this, whereby it says the Command Server website is misconfigured or your computer is set to the wrong time, this likely means that the SSL certificate has expired on the Command Server, and will need to be manually renewed using the steps in this guide:
Once the SSL certificate is manually renewed and the Command Server's services have been restarted, then you can retry Steps 8-9 in this guide.