Skip to content

How To Change HySecure SSL Certificate Validity

This article gives you how to change the HySecure SSL certificate validity date after preboot. Sometimes when user install HySecure with smaller validity period (like 365 days). After 365 days of installation certificate user not able to login using that certificate into HySecure server. If certificate user try to login it will show error message like incorrect password although password is correct. Then check the user certificate validity from IE browser. Open IE browser and go to internet options | content tab | certificates | personal tab. Here you need to find out the certificate user and click on view option. Then user can see the user SSL certificate validity date. User SSL certificate validity should be valid.

Steps to change HySecure SSL certificate validity

For changing the SSL certificate validity user need to have SSH access of HySecure server or use winscp tool. User need to login as "vpnsadmin" user into HySecure server.
1. Go to location "/home/fes/fescommon/"
Take the SSH access of HySecure server or login into HySecure server using winscp tool. Then go to location "/home/fes/fescommon/"

2. Modify following files and edit the days tag in CA section
There are three files (config.xml, fes.xml and origin.xml) in this directory. User need to modify days tag in CA section of these three files. You can put max validity days of 3650 (10 years).
If you are using winscp tool then you need to search the file and double click to modify.
If you are using putty SSH then you need to modify these files using command line.


3. Restart HySecure services.
After changing the days tag on these three files please restart HySecure services. User can do this manually or by restarting the HySecure server. If you want to restart HySecure services manually please take the SSH access of HySecure server and run following command. First you need to stop HySecure services. command is "pkill fes"to stop the HySecure services.
Then start HySecure services using this command "/home/fes/fes /home/fes".

4. Create new certificate user.
Now if user create new SSL certificate user on HySecure server then validity of this new SSL certificate will be 10 years (3650 days).
You can create new certificate user by reset passphrase from backend (OS console). If certificate user not able to login into gateway due to SSL certificate expired. Please change the HySecure server date using command line to older date according to old SSL certificate date. Then certificate user can login into HySecure server and create a new certificate user. This new certificate will have 10 years validity. Now en-roll this new passphrase and again change the HySecure server date to current date using command line.

Command to change the gateway date.

  • date (for display the current date of Gateway)
  • date -s "Tue Jun 30 12:03:36 IST 2015" (set the new date on Gateway)