Digital Certificate Renewal

Several software products from Kisco Information Systems use self-issued digital certificates to support secure browser interfaces. One common issue with these self-issued certificates is that they periodically expire. When that happens, access to the browser sessions controlled by them is denied.

As a result, it is important to keep track of when your digital certificates are going to expire and renew them in advance of that time.

Reviewing Certificates For Expiration

To review your current certificates, start the Digital Certificate Manager server on your system. Instructions for this are in your application documentation. When DCM starts, choose the "Select a Certificate Store" button and select the *SYSTEM option. It will ask you for your password, then present a list of options in the left hand panel.

Open the "Manage Certificates" menu, then press "View certificate". Select the "Server or client" option and press "Continue". A list of your current certificates will be presented. Select each one and look at the dates in the "Validity period" field. Note the last date when the certificate will work; this is the expiration date.

Renewing A Certificate

When you have a certificate that is expiring, choose the "Renew certificate" option in the "Manage certificates" menu. A list of your certificates will be shown. Select the one that you want to renew and press the "Renew" button. Since these are self-issued certificates, select the "Local Certificate Authority (CA)" on the next panel and press "Continue".

You will now have to fill out the settings for a new certificate including assigning a new name to it. When you are done, press the "Continue" button. A list of your applications will now be displayed. Select the application (or applications) that you want to use the renewed certificate. When ready, select the "Continue" button. At this point, you will have issued a new certificate and assigned it to your application.

Kisco recommends that you view the new certificate and verify that the expiration date has now been extended. If it was not extended, contact Kisco support as this may be an indication of a different issue. It is possible that your Local CA has expired if this happens. Here is a link to a procedure from IBM for renewing your Local CA.