Solved: Re: easy awcm certificate update

GiorgioFalcone · ‎12-10-2019

Hi,

I'm looking for an easy way to update awcm public ssl certificates.

I already tried with keytool command, but with no luck. AWCM service does not start correctly.

Does anyone have easier methods? Is ' AWCM Secure Channel Installer' related to awcm update?

Thanks

Giorgio

BDBos · ‎12-10-2019

This is the procedure that we follow internally. No guarantee, but it works for us.

Certificate Airwatch CloudMessaging

Keystore location: C: or AirWatch or AirWatch or AWCM or config

Keystore file: awcm.keystore

Password: (see password sheet)

Open with: https://keystore-explorer.org/downloads.html

1. Create a new KeyStore
1.a Type: JKS
2. Import Key pair
2.a Type: PKCS # 8
2.b Select PKCS # 8 Private Key File ( .key)
2.c Select Certificate (s) File ( .crt)
2.d Import
2.e Enter Alias (leave it on what is entered by default)
2.f Enter the encryption password (same as wildcard pfx)
3. Save the file
3.a Enter a KeyStore password (same as wildcard pfx)
4. Make a backup of the old KeyStore on the server
5. Copy the new KeyStore

Check the certificate on the following external url:
https://l:2001/awcm/statistics

View solution in original post

DubravkoJug · ‎12-10-2019

Hi,
I only know one method.
Start installer and remove AWCM component.
Reboot server
Start installer and add AWCM component and add new certificate.

BR,
Dubravko

BDBos · ‎12-10-2019

This is the procedure that we follow internally. No guarantee, but it works for us.

Certificate Airwatch CloudMessaging

Keystore location: C: or AirWatch or AirWatch or AWCM or config

Keystore file: awcm.keystore

Password: (see password sheet)

Open with: https://keystore-explorer.org/downloads.html

1. Create a new KeyStore
1.a Type: JKS
2. Import Key pair
2.a Type: PKCS # 8
2.b Select PKCS # 8 Private Key File ( .key)
2.c Select Certificate (s) File ( .crt)
2.d Import
2.e Enter Alias (leave it on what is entered by default)
2.f Enter the encryption password (same as wildcard pfx)
3. Save the file
3.a Enter a KeyStore password (same as wildcard pfx)
4. Make a backup of the old KeyStore on the server
5. Copy the new KeyStore

Check the certificate on the following external url:
https://l:2001/awcm/statistics

WilbertKandt · ‎12-13-2019

I always follow the same (supported) method as @Dubravko. Below the complete procedure:

1) Create snapshot of server.
2) Copy .pfx certificate to the server.
3) Start- > Control Panel -> Add / Remove Programs.
4) Right-click on Workspace ONE and click on Change.
5) Follow the installation steps. De-select the AWCM component (this feature will not be available) and end the steps.
6) Right-click again on Workspace ONE and click on Change.
7) Follow the installation steps. Select the AWCM component (this feature will be installed on local drive).
😎 Next, at ' AWCM Server settings' , select the option “Use Custom SSL certificate?”.
9) Add the certificate inclusive private key (.pfx).
10) End the installation steps

11) Test the new certificate binding. This can be done with an internet services like https://www.immuniweb.com/ssl/ (be sure to use the https://:2001) or with OpenSSL:
    - OpenSSL> s_client -showcerts -connect :2001.
    - Copy the first certificate information (from “---begin certificate---“ to “---end certificate---“) and save it as certificate.cer.
    - Now open and validate the certifcate.

12) Just to be sure, I always reboot the ' console servers' and ' devices servers' that the adjustment has no impact on connection between those components.
       After reboot, also be sure to check device connectivity from multiple devices, e.g. with ContentLocker.
13) After functional validation, remove the snapshot

GiorgioFalcone · ‎12-13-2019

Thanks to everyone.

My problem was that the certificate inside the keychain must have the same password that had the certificate before.
If I set another password, the AWCM doesn't start. Now that I know that info, AWCM update is a lot easier

Thanks
Giorgio

All

easy awcm certificate update

Enterprise Integration