IBM Support

Renew the IBM MaaS360 VPN Module Server Certificate.

How To


Summary

The certificate utilized by the IBM MaaS360 VPN Module Server has an expiration date. To ensure the MaaS360 VPN server remains running, the certificate needs to be renewed manually. The details in this document provide the steps to renew any expired or soon to expire certificates used by the MaaS360 VPN Module Server configured within the IBM MaaS360 Cloud Extender product.

Objective

Detail how to renew MaaS360 VPN Module Server Certificates.

Environment

MaaS360 VPN Module configured on Cloud Extender within the last five years.

Steps

First, confirm the expiration dates for the MaaS360 VPN Module server certificate:

  1. Log in to the Cloud Extender Node, where the MaaS360 VPN module is configured.
  2. Navigate to the directory "C:\ProgramData\MaaS360\Cloud Extender\AR\DATA\VPN".
    NOTE: If the path may be hidden and not visible, then the path needs to be manually typed into Windows Explorer.
  3. Open the file "server.crt" by double-clicking the file and checking for validity.  The valid expiration dates is displayed on the panel.  
  4. If the certificate is expired, follow the section on how to renew the certificate.
How to renew MaaS360 VPN Module Server certificate:
  1. Open MaaS360 Cloud Extender Configuration Tool
  2. Click the VPN module tile on the Cloud Extender Configuration Tool to open up the VPN configuration panel.
  3. From the VPN Configuration panel click on the "Edit" icon.image-20230505115125-7
  4. Click "Next" on the VPN Prerequisites Status screen to reach the "Cluster Details" panel.
  5. From the "Cluster Details" panel, copy the configuration details on this screen because it is needed in a later step.image-20230505115848-9
  6. Once the configuration details are recorded, click "Cancel" at the bottom of the panel, and then answer "Yes" to confirm "Do you want to cancel?". 
    Selecting "Cancel", exits to the main Cloud Extender panel.
  7. Once more, click the VPN module tile on the Cloud Extender Configuration Tool to return to the VPN configuration panel.
  8. Once on the VPN configuration panel, select the "Delete" icon to delete the existing cluster -image-20230505120547-11
  9. When asked, "Do you want to delete?", click "Yes"
  10. Next, create a New cluster by selecting "Setup a new VPN cluster", pressing "Next", "Next" to reach the "Cluster Details" panel.
  11. Populate the "Cluster Details" panel with the information collected in step #5 except for the Cluster Name. The new VPN Cluster must contain a new/previously unused Cluster Name.  Press "Next"
  12. On the "Validate and Test VPN Settings" panel, perform the two tests available and verify they succeed. 
  13. Click "Save" to complete the new cluster configuration.
  14. To verify the certificates are renewed successfully, navigate to directory "C:\ProgramData\MaaS360\Cloud Extender\AR\DATA\VPN", and double-click file "server.crt".   

    image-20230508094532-3
    NOTE: If the newly created file name is "VPNCERT.crt ", rename it to "server.crt".  
  15. Close the Certificate file, MaaS360 Config Tool and Explorer window and exit from the remote desktop session as the VPN Server certificate renewal is successful.
  16. Follow the steps on "Portal Changes" to ensure the new VPN configuration is pushed to the device.

Portal Changes to Ensure the Updated VPN configuration is pushed out to the devices

  1. Log in to the portal and navigate to Policies
    image-20230508093314-1
  2. Click on the policy (which is configured to use VPN), and Edit the policy.
  3. From Device Settings > VPN, edit the VPN Connection name (to identify that the cluster configuration is changed)
  4. Make sure to select the updated cluster name configured in this process, under the dropdown "Select VPN server" image-20230731164716-1
  5. Make sure that "Maximum Connection Duration" is set to a non-zero value.
    image-20230508094355-2
  6. Save and Publish the policy.
  7. Wait for the changes made to the policy to be refreshed on devices.
  8. From device, connect to MaaS360 VPN to confirm access with updated certificates.
NOTE: The Portal steps noted that in this section is for the VPN when configured for iOS devices only. Repeat the steps for android policy, if policy is set up for both iOS and Android for VPN Module.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSXX","label":"IBM MaaS360"},"ARM Category":[{"code":"a8m0z000000GnO3AAK","label":"CLOUD EXTENDER"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
08 August 2023

UID

ibm16988621

Page Feedback