arcserve-KB : How to renew an Expired SSL Certificate without stopping arcserve RHA Control Service

Last Update: 2016-04-25 13:47:27 UTC


This article describes the necessary steps for renewing an expired SSL certificate, either authorized or self-signed. This procedure is required when you are already using an SSL certificate to secure your communication, your current certificate has expired, and you want install a new certificate.

To renew an expired SSL certificate

1. Obtain a new certificate, and install it on the machine where the Control Service is running.

2. To remove the old certificate binding, change to the RHA working directory in RHA control server.


3. Run following command:

    httpcfg.exe delete ssl -i{CS SSL Port Number}

    Note: The CS SSL Port Number parameter is the port number you entered during the Control Service installation.

               You can find it in the ws_man.exe.config file, under the 'ws_port' value.

    The command result should not return any errors. The end of the message should be:   …completed with 0.


 4. To bind the new certificate to the Control Service SSL port, run the following command:

      httpcfg.exe set ssl -i{CS SSL Port Number} -h {New Certificate SslHash}


  • The httpcfg.exe parameter is a standard utility for Windows Servers, and you can find it in the Control Service installation directory.
  •  You can find the New Certificate SslHash parameter in the Certificate dialog, on the Details tab, under the Thumbprint value:


                     Remember to enter the Thumbprint value WITHOUT the spaces between the characters, like this:



              The command result should not return any errors. The end of the message should be:  …completed with 0.

The SSL certificate is now renewed.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request