Certificate Selection via CLI

Before I start tinkering…is there a supported method for changing the selected cert for both Royal Server and the Secure Gateway via CLI? Or for simply updating which cert RS uses without manual intervention? If not, it looks like I could potentially achieve this using PowerShell by updating the thumbprint listed in the appsettings.json file and then restarting the service. Is that accurate?

Use case: I use LE certs for anything Internet facing on my network and it’s really annoying to have to set a reminder to change the cert.

There is no dedicated CLI command to do this, but you can easily achieve it by simply assigning the certificates’ thumbprints in appsettings.json.

  • For the Management Module, update the key CertThumbPrint.
  • For Secure Gateway, update the key GatewayFingerprint in the section SecureGateway.
    Note that the Secure Gateway component requires the certificate key to be marked exportable, as it is used to prove ownership of the corresponding private key to the client in order to verify the identity of the server.

I hope this helps,

Hans
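
The steps from this answer as a PowerShell sketch; this is an added example, not code from the thread or from the vendor. The file path, service name and host name are placeholders, and it assumes that each key name occurs once in appsettings.json, that the certificate sits in the LocalMachine\My store, and that the service is restarted afterwards as proposed in the question.

```powershell
# Added example. Path, service name and host name are placeholders, not values from the thread.
param(
    [string]$SettingsPath = '<path-to>\appsettings.json',   # placeholder
    [string]$ServiceName  = '<royal-server-service-name>',  # placeholder
    [string]$DnsName      = 'rs.example.test'               # constructed host name
)
$ErrorActionPreference = 'Stop'

# Newest unexpired certificate for the host name that has a private key (exact SAN match only).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
                   ($_.DnsNameList.Unicode -contains $DnsName) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No valid certificate with a private key found for $DnsName" }

# Secure Gateway needs the key marked exportable, so check before touching the config.
$key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $key) {
    $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($cert)
}
if (-not $key) { throw "Private key of $($cert.Thumbprint) could not be opened" }
if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $exportable = $key.CspKeyContainerInfo.Exportable          # legacy CSP key
} else {
    $flags = [System.Security.Cryptography.CngExportPolicies]'AllowExport, AllowPlaintextExport'
    $exportable = ($key.Key.ExportPolicy -band $flags) -ne 0   # CNG key (RSACng / ECDsaCng)
}
if (-not $exportable) { throw "Key of $($cert.Thumbprint) is not exportable; re-import it as exportable" }

# Replace only the two values in the raw text so the rest of the file stays byte-for-byte intact.
$full = (Resolve-Path -LiteralPath $SettingsPath).Path
$old  = [System.IO.File]::ReadAllText($full)
$new  = $old
foreach ($name in 'CertThumbPrint', 'GatewayFingerprint') {
    $pattern = '("' + $name + '"\s*:\s*")[^"]*(")'
    if ($new -notmatch $pattern) { throw "Key $name not found in $full" }
    $new = $new -replace $pattern, ('${1}' + $cert.Thumbprint + '${2}')
}

if ($new -ceq $old) {
    Write-Output "Thumbprint $($cert.Thumbprint) already configured; nothing to do."
} else {
    Copy-Item -LiteralPath $full -Destination "$full.bak" -Force   # keep a rollback copy
    [System.IO.File]::WriteAllText($full, $new)
    Restart-Service -Name $ServiceName
    Write-Output "Switched to $($cert.Thumbprint), valid until $($cert.NotAfter)."
}
```

Run it from an elevated session after each renewal, for example as a scheduled task or a post-renewal hook of the ACME client.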

Thank you Hans!

This also explains another issue that I was having with the Secure Gateway module and certs.