How to upgrade an SSL certificate for an ILS Wireless Gateway
Expired or compromised SSL certificates can be upgraded using the steps below:
- Launch a Command Prompt on the computer where the new SSL certificate files are located.
- In the Command Prompt, change the current directory to the directory that contains the new SSL certificate files.
- Open an FTP connection to the Wireless Gateway using the following command. Substitute the correct IP address of the Wireless Gateway for the IP address in the following command:
The default username is
The default password is
- Once logged in, verify the files currently loaded on the Wireless Gateway using the following command:
- Type the commands below to upload the new SSL certificate files to the Wireless Gateway:
- Log out of the FTP session using the following command:
- Cycle power to the Wireless Gateway to reboot it.
- Repeat steps 1 through 7 for each Wireless Gateway in the system.
- On the computer where Communication Server is running, in the %ProgramFiles%\OnGuard\Certificates folder, replace the existing version of WAPClient.pem with the new version of WAPClient.pem.
- Restart the LS Communication Server service.
- Ensure that all Wireless Gateways appear online in Alarm Monitoring.
Applies ToLenel ILS
Note: SSL certificates only affect communication between Wireless Gateways and OnGuard, so the locks themselves will continue to grant or deny access properly, even if the SSL certificates expire.
Symptoms requiring new SSL certificates include errors in the LenelError.log, similar to the one below. Contact Lenel Technical Support to request new SSL certificates if you encounter the error below:
"TIME: [12/22/2010 12:33:01 PM]
ERROR CODE: 0x10010008
FILE: .\Transport.cpp (LINE 452)
DETAILS: General warning.: OpenSSL 'SSL_connect' method failed. The return value: -1, the error code: 1. Error queue:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"