How can I update expired Aras certificates
How can I update expired Aras certificates
Hi Haider and Hkhan,
were you able to find a solution for this one?
I need to find a solution...till 2024. So there is no real hurry. But I think this topic will become relevant for many users who don´t update on a regular basis. So it´s better to be prepared.
I haven´t done any tests regarding custom certificates yet. And so far I haven´t seen any document related to certificates in https://www.aras.com/support/documentation/ . Not sure if Aras is aware of the issue.
IMPORTANT: For anyone who came across this post by accident: If you use the same Innovator 12+ instance for around 2 years, check the validity of your certificates. You might be affected by the topic of this post too.
Hope this posts gets more attention.
Thanks again for bringing up the topic!
Angela
Hello Angelalp,
I contacted Aras for help and the following is the solution they provided
To generate new certificates:
CreateOAuthCertificates.bat <ServerName> <Password>
Where:
ServerName – the name of the server for which a certificate should be generated (OAuthServer, InnovatorServer, VaultServer, AgentService, SelfServiceReporting).
Password – the password for the private certificate.
Note: Each run of the batch file generates a pair of certificates in the {Current_Directory}\Output\ directory, for example: OAuthServer.cer (public certificate) and OAuthServer.pfx (private certificate protected by the password). You will need to run this for each part of the application components.
Once the Certificates have been created copy them the corresponding directories.
Deploying the OAuthServer Certificates:
Deploying the Aras Innovator Server Certificates
Deploying the Vault Server Certificates:
Deploying the Agent Service Certificates
Deploying the Self Service Reporting Certificates:
Specify password in oauth\client\secret\certificate\@password attribute of SelfServiceReporting\OAuth.config file.
Hi Hkhan,
many thanks for sharing this information! I made a quick test and the resulting certs lock fine.
I am a little bit proud that my earlier openssl idea wasn´t so wrong at all. It´s exactly the same concept that Aras uses.
Best wishes!
Angela
Thanks so much for posting this answer. Our production Innovator server ran into this problem yesterday - the symptom from the users was an HTTP 500 error when accessing files from the Vault which had been fine minutes before. After a lot of head-scratching I traced it back to a failing OAuth token request, and then the expired certificates.
Aras really need to add this information and that certificate generator more clearly somewhere, or better yet have the installer create a scheduled task. That was a stressful night!
Thanks so much for posting this answer. Our production Innovator server ran into this problem yesterday - the symptom from the users was an HTTP 500 error when accessing files from the Vault which had been fine minutes before. After a lot of head-scratching I traced it back to a failing OAuth token request, and then the expired certificates.
Aras really need to add this information and that certificate generator more clearly somewhere, or better yet have the installer create a scheduled task. That was a stressful night!
When I have read the "harmlessly phrased" question the first time one month ago, my face got white and chills ran down my back. I was really scared after I checked the certificates of my old server. Thanks for confirming the disaster!
I agree that Aras should publish something "official" regarding the certificates. I will try to reach somebody. Or I write something by myself in cause they don´t react.
Copyright © 2024 Aras. All rights reserved.