If you are renewing an expired SSL certificate in between Workspace ONE Assist releases, you must bind the renewed SSL certificate to the website and update the renewed site Thumbprint. This task updates the Thumbprint with AdminWebPortal.

If you are installing or upgrading the Workspace ONE Assist server, do not take these steps.

Prerequisites

During the normal course of installing or upgrading the Workspace ONE Assist server, you must also install the SSL certificate. But the Workspace ONE Assist installation or upgrade process takes care of binding the SSL certificate to the website for you and updating the site thumbprint.

You only need to follow these steps to update the site thumbprint with AdminWebPortal if you are manually renewing an expired SSL certificate in between Workspace ONE Assist installations or upgrades and have already bound it to the website.

Procedure

  1. Start the MMC console from the Workspace ONE Assist server.
  2. In the left-side panel, navigate to Console Root > Certificates (Local Computer) > Personal > Certificates and locate, by name, the SSL certificate you installed or updated recently.
  3. Double-click this SSL certificate.
    The Certificate screen displays.
  4. Select Details tab at the top.
  5. In the Show drop-down menu, select Properties Only.
  6. Click once on the text box Thumbprint.
    A series of number and letter pairs appears in the panel beneath the Show panel.
  7. Select all these pairs of characters and copy them to the clipboard. Close the MMC console.
  8. Open Notepad from the server desktop.
  9. Paste the clipboard contents into the empty notepad screen.
  10. In Notepad, enter the keyboard shortcut Ctrl-H.
    The Replace screen displays.
  11. Enter a single space in the Find what text box.
  12. Click the Replace All button and then close the Replace screen by clicking the X.
    All the spaces in between the number/letter pairs have been removed. Using notepad also takes the ANSI text copied from the MMC console and converts it to ASCII text, which is the format we want when we go to paste that thumbprint in the AdminWebPortal.
  13. In Notepad, select the newly formatted thumbprint and copy it to clipboard with Ctrl-C. Close Notepad.
  14. Open your browser and log into the AdminWebPortal using your credentials.
    For example, https://yourdomain.com/AdminWebPortal/login.aspx.
  15. Select the Default Service Configurations.
  16. In the Search bar, enter certid.
    To display the search results properly, you might need to scroll down to the page size modifier and maximize the number of pages it can display. Doing this sets a large enough playing field to display any search result.
  17. Identify the certid in the Parameter Name column. :ctl.svc.cnp.tch/certid. In the Options column of the same line, select the Edit () icon.
    Upon clicking the Edit icon, you might need to search for certid once again. Locate the certid Parameter Name and notice that the Parameter Value is now editable.
  18. Select the existing string of characters in the Parameter Value for :ctl.svc.cnp.tch/certid and replace it with the new Thumbprint string you have stored in your clipboard by applying the Ctrl-V keyboard shortcut.
  19. Select the Save () icon.
  20. Select Service Configuration.
  21. Search for ConnectionProctorService and review its Status column.
  22. For both Active status and Inactive status for ConnectionProctorService, select the Edit () icon and update the :ctl.svc.cnp.tch/certid Parameter Value with the new Thumbprint string (Ctrl-V).
  23. Select the Save () icon for each, as applicable.
  24. Select the Update button at the bottom of the page.
  25. Restart all services (Core and IIS services). Select the Start menu and enter run on your keyboard. In the Open text box, enter services.msc
    The Services application displays.
  26. Locate all services that are labeled Aetherpal.
  27. Stop all these Aetherpal services.
  28. Start all Aetherpal services.

Results

The site Thumbprint has been updated.