Imperva Cyber Community

We have received "SSL Certificate Expiry" on Gateway in the vulnerability assessment results.

Please advise the process to renew the default SSL Certificate on Gateway. Thanks in advance.

Hi Rakesh

You will unregister and register the gateway

And the certificate renew automatically

We have received "SSL Certificate Expiry" on Gateway in the vulnerability assessment results.

Please advise the process to renew the default SSL Certificate on Gateway. Thanks in advance.

Thanks,

Could you please share steps if possible. 

Hi Rakesh

You will unregister and register the gateway

And the certificate renew automatically

We have received "SSL Certificate Expiry" on Gateway in the vulnerability assessment results.

Please advise the process to renew the default SSL Certificate on Gateway. Thanks in advance.

We have received "SSL Certificate Expiry" on Gateway in the vulnerability assessment results.

Please advise the process to renew the default SSL Certificate on Gateway. Thanks in advance.

Hello Rakesh,

Thank you for your post, please refer to the following steps to un-register and register back the gateway to MX.

·        Go to GW CLI and run the following commands:

impctl gateway stop

impctl gateway unregister

impctl gateway register

impctl gateway start

·        Verify with your browser or using this command: openssl s_client -connect <GW-IP>:443 | openssl x509 -noout -dates

We have received "SSL Certificate Expiry" on Gateway in the vulnerability assessment results.

Please advise the process to renew the default SSL Certificate on Gateway. Thanks in advance.

Thanks Syed for the great information. 

Kindly help to advise on below. Appreciate your response. 

1- May I know the steps you provided work for all types of deployments or any deviations, example ->

   a) if GWs are in HA

   b) if GWs are in cluster 

2- so every time when GW cert is about to expire do we need to perform the same steps to renew cert in GW? 

impctl gateway stop

impctl gateway unregister

impctl gateway register

impctl gateway start

3-After every patch, upgrade, does the GW cert auto renew?

Hello Rakesh,

Thank you for your post, please refer to the following steps to un-register and register back the gateway to MX.

·        Go to GW CLI and run the following commands:

impctl gateway stop

impctl gateway unregister

impctl gateway register

impctl gateway start

·        Verify with your browser or using this command: openssl s_client -connect <GW-IP>:443 | openssl x509 -noout -dates

We have received "SSL Certificate Expiry" on Gateway in the vulnerability assessment results.

Please advise the process to renew the default SSL Certificate on Gateway. Thanks in advance.

Hello Rakesh,

Thank you for your post, please refer to the following steps to un-register and register back the gateway to MX.

·        Go to GW CLI and run the following commands:

impctl gateway stop

impctl gateway unregister

impctl gateway register

impctl gateway start

·        Verify with your browser or using this command: openssl s_client -connect <GW-IP>:443 | openssl x509 -noout -dates

We have received "SSL Certificate Expiry" on Gateway in the vulnerability assessment results.

Please advise the process to renew the default SSL Certificate on Gateway. Thanks in advance.

Hi Syed,

Are these steps included in the official Knowledge Base documentation? 

Hello Rakesh,

Thank you for your post, please refer to the following steps to un-register and register back the gateway to MX.

·        Go to GW CLI and run the following commands:

impctl gateway stop

impctl gateway unregister

impctl gateway register

impctl gateway start

·        Verify with your browser or using this command: openssl s_client -connect <GW-IP>:443 | openssl x509 -noout -dates

We have received "SSL Certificate Expiry" on Gateway in the vulnerability assessment results.

Please advise the process to renew the default SSL Certificate on Gateway. Thanks in advance.