GiorgioFalcone
Enthusiast
Enthusiast

easy awcm certificate update

Jump to solution

Hi,


 


I'm looking for an easy way to update awcm public ssl certificates.


 


I already tried with keytool command, but with no luck. AWCM service does not start correctly.


 


Does anyone have easier methods? Is ' AWCM Secure Channel Installer'  related to awcm update?


 


Thanks


Giorgio

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
BDBos
Enthusiast
Enthusiast
This is the procedure that we follow internally. No guarantee, but it works for us.

Certificate Airwatch CloudMessaging

Keystore location: C:  or  AirWatch  or  AirWatch   or  AWCM  or  config

Keystore file: awcm.keystore

Password:  (see password sheet)

Open with: https://keystore-explorer.org/downloads.html

1. Create a new KeyStore
1.a Type: JKS
2. Import Key pair
2.a Type: PKCS # 8
2.b Select PKCS # 8 Private Key File ( .key)
2.c Select Certificate (s) File ( .crt)
2.d Import
2.e Enter Alias (leave it on what is entered by default)
2.f Enter the encryption password (same as wildcard pfx)
3. Save the file
3.a Enter a KeyStore password (same as wildcard pfx)
4. Make a backup of the old KeyStore on the server
5. Copy the new KeyStore

Check the certificate on the following external url:
https://l:2001/awcm/statistics

View solution in original post

0 Kudos
4 Replies
DubravkoJug
Contributor
Contributor
Hi,
I only know one method.
Start installer and remove AWCM component.
Reboot server
Start installer and add AWCM component and add new certificate.

BR,
Dubravko
0 Kudos
BDBos
Enthusiast
Enthusiast
This is the procedure that we follow internally. No guarantee, but it works for us.

Certificate Airwatch CloudMessaging

Keystore location: C:  or  AirWatch  or  AirWatch   or  AWCM  or  config

Keystore file: awcm.keystore

Password:  (see password sheet)

Open with: https://keystore-explorer.org/downloads.html

1. Create a new KeyStore
1.a Type: JKS
2. Import Key pair
2.a Type: PKCS # 8
2.b Select PKCS # 8 Private Key File ( .key)
2.c Select Certificate (s) File ( .crt)
2.d Import
2.e Enter Alias (leave it on what is entered by default)
2.f Enter the encryption password (same as wildcard pfx)
3. Save the file
3.a Enter a KeyStore password (same as wildcard pfx)
4. Make a backup of the old KeyStore on the server
5. Copy the new KeyStore

Check the certificate on the following external url:
https://l:2001/awcm/statistics
0 Kudos
WilbertKandt
Enthusiast
Enthusiast
I always follow the same (supported) method as @Dubravko. Below the complete procedure:

1) Create snapshot of server.
2) Copy .pfx certificate to the server.
3) Start- > Control Panel -> Add / Remove Programs.
4) Right-click on Workspace ONE and click on Change.
5) Follow the installation steps. De-select the AWCM component (this feature will not be available) and end the steps.
6) Right-click again on Workspace ONE and click on Change.
7) Follow the installation steps. Select the AWCM component (this feature will be installed on local drive).
😎 Next, at ' AWCM Server settings' , select the option “Use Custom SSL certificate?”.
9) Add the certificate inclusive private key (.pfx).
10) End the installation steps

11) Test the new certificate binding. This can be done with an internet services like https://www.immuniweb.com/ssl/ (be sure to use the https://:2001) or with OpenSSL:
    - OpenSSL> s_client -showcerts -connect :2001.
    - Copy the first certificate information (from “---begin certificate---“ to “---end certificate---“) and save it as certificate.cer.
    - Now open and validate the certifcate.

12) Just to be sure, I always reboot the ' console servers'  and ' devices servers'  that the adjustment has no impact on connection between those components.
       After reboot, also be sure to check device connectivity from multiple devices, e.g. with ContentLocker.
13) After functional validation, remove the snapshot
0 Kudos
GiorgioFalcone
Enthusiast
Enthusiast
Thanks to everyone.

My problem was that the certificate inside the keychain must have the same password that had the certificate before.
If I set another password, the AWCM doesn't start. Now that I know that info, AWCM update is a lot easier

Thanks
Giorgio
0 Kudos