How to upgrade an SSL certificate for an ILS Wireless Gateway
Procedure Steps
Expired or compromised SSL certificates can be upgraded using the steps below:
- Launch a Command Prompt on the computer where the new SSL certificate files are located.
- In the Command Prompt, change the current directory to the directory that contains the new SSL certificate files.
- Open an FTP connection to the Wireless Gateway using the following command. Substitute the correct IP address of the Wireless Gateway for the IP address in the following command:
ftp 192.168.165.100
The default username isroot
.
The default password isNetsilicon
. - Once logged in, verify the files currently loaded on the Wireless Gateway using the following command:
dir
- Type the commands below to upload the new SSL certificate files to the Wireless Gateway:
put WAPClient.pem
put svrcert.pem - Log out of the FTP session using the following command:
quit
- Cycle power to the Wireless Gateway to reboot it.
- Repeat steps 1 through 7 for each Wireless Gateway in the system.
- On the computer where Communication Server is running, in the %ProgramFiles%\OnGuard\Certificates folder, replace the existing version of WAPClient.pem with the new version of WAPClient.pem.
- Restart the LS Communication Server service.
- Ensure that all Wireless Gateways appear online in Alarm Monitoring.
Applies To
Lenel ILSAdditional Information
Note: SSL certificates only affect communication between Wireless Gateways and OnGuard, so the locks themselves will continue to grant or deny access properly, even if the SSL certificates expire.
Symptoms requiring new SSL certificates include errors in the LenelError.log, similar to the one below. Contact Lenel Technical Support to request new SSL certificates if you encounter the error below:
"TIME: [12/22/2010 12:33:01 PM]
SEVERITY: Warning
ERROR CODE: 0x10010008
PROGRAM: Lnlcomsrvr
FILE: .\Transport.cpp (LINE 452)
DETAILS: General warning.: OpenSSL 'SSL_connect' method failed. The return value: -1, the error code: 1. Error queue:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"