SSL Certificate Expiry
Last updated
Last updated
If you have any version less than v8.07.002, you will see this error:
If you are experiencing a SEC_ERROR_EXPIRED_CERTIFICATE for either the Console or the API Agent and you are both running a version v8.07.002 AND using our domain name to deploy your Console and/or our API Agent, here's how to resolve this error.
The key bundled with the application was renewed as of v8.07.002. Upgrade your deployment to this version or above to access the new key for our certificate and to avoid this error.
Most browsers allow you to bypass the SEC_ERROR_EXPIRED_CERTIFICATE error. Bypass it and log in to the Console.
To upgrade, click the 'Cloud' icon in your Console and select your upgrade version. Keep in mind you must move to the latest minor version of your major version prior to moving to the next major version. In this example, v7.11 is already the latest version of v7, so we can just go to v8.00.000 and then the latest v8 version.
We provide our own domain name to register Console and API Agent services, but you can use your own self-managed SSL Certificates to manage these services. This way, you won't encounter issues when our certificates expire. Keep in mind, you will have to manage your own certificate renewal.
Setting Custom SSL Certs for the Console
If you want to use your own certificate for the Console, we require a valid certificate imported into ACM. In the CloudFormation stack for our application, we provide an Optional Load Balancer Configuration page. Select 'Yes' for 'Use a Load Balancer for the Console?' and place in your SSL Certificate ARN in the designated location. After the Console deploys, set a CNAME record from your SSL Certificate to the Load Balancer's DNS name.
Setting Custom SSL Certs for the API Agent
The API Agent Configuration allows the setting of a custom SSL Cert for the Load Balancer that will be placed in front of the API Agent service.
Assuming your SSL Certificate is imported into ACM, place the SSL Certificate ARN into the designated location and deploy the API Agent. After the Agent deploys, set a CNAME record from your SSL Certificate to the Load Balancer's DNS name.
While not recommended, some of our customers have fully private deployments where they are not concerned about the existence of an SSL Certificate on their Console for access.
Note that some workflows may be interrupted for the API Agent if handling isn't built in to ignore the SSL Certificate error.
We generally recommend fixes 1 and 2, but just note that it's possible to bypass this error, normal Console functioning will not be affected.
For more information on upgrading, please refer to the page.
For further reading, please refer to the page.
For further reading, please refer to the page.
