If you are using AGAT certificate, you will get it from AGAT support before expiration of current certificate.
Please copy this certificate to X:\Agat\Bastion\Cert.
You need to install the new certificate on "Local Machine"
Click Next and provide the password from Bastion.xml
Place the certificate on "Personal"
"Next" and "Finish"
To change the Bastion certificate you need to edit your bastion.xml file located at:
Agat/Bastion/bastion.xml
In each listener you have configured you should look at the certificates tag:
- caBundleFile - path to the certificate authority bundle file (in case that you want to use ssl from Bastion to the published server)
- caCertsDirPath - path to the certificate authority files (in case that you want to use ssl from Bastion to the published server)
- ignoreUpstreamCertificatesErrors - whether or not published certificates should be verified
- path - the certificate location that the Bastion will present to clients
- privatekey - the private key location related to the certificate
- intermediateCaChain - path to intermediate ca bundle file
You can configure the certificate in a few ways:
- Use a .pfx file containing both the public and private key (in that case you do not need enter in privatekey tag)
- Use seperate files for the certificate and the private key.
- Use a certificate installed in your local machine certificate store (as shown in the picture). In that case you do not need to enter a value to the privatekey tag.
The path should look as follows:
store:/LocalMachine/My/#667B3CC8ADF2B13BB9F4BF258F3232C337EE3389
For the store name you can use:
- LocalMachine
- CurrentUser
- CurrentService
For each one of those you can use:
- MY
- ROOT
- TRUST
- CA
# Marks that the following is thumbprint of the certificate found in the relevant store.
You can find the thumbprint by opening the certificate and going to the details tab, there you should look for the Thumbprint field: