Skip to content

Manually Renew a Trust Center Registration Certificate

Manual renewal of Trust Center registration certificate is necessary if your Trust Center is installed in a Darksite or is unable to use the automatic renewal mechanism.

Important: Pre-requisites

This procedure requires access to the current Trust Center registration certificate.

Procedure

  1. Ensure that you have the latest version of the trust-center-ctl tool. trust-center-ctl is downloaded as part of the installation or upgrade process.

  2. Copy the archive to the machine where your Trust Center is installed.

    In a Darksite, copy the archive to the machine where you ran trust-center-ctl prepare, then extract the tool by running: tar xf /path/to/trust-center-ctl.tar.gz

  3. Run this command to generate a CSR for the new certificate:

    sudo ./trust-center-ctl renew-cert --reg-cert /path/to/registration.crt --reg-key /path/to/registration.key
    It will generate a new private key and a CSR named registration.csr. Copy the CSR file to a machine with Internet access so that you can continue to the next step.

    Caution

    Do not copy the private key from this machine. The private key should never leave the machine it was created on.

  4. On a machine with Internet access, create a support case to request a new registration certificate.

  5. Attach the CSR file to this ticket. HP staff will sign the CSR and attach the new certificate to the ticket, and you should receive a notification when the ticket has been updated.

  6. Download the new registration certificate and copy it to the machine where your Trust Center is installed. The file should be named registration.crt.

  7. On the machine where the Trust Center is installed, run the following command to install the new certificate:

    sudo ./trust-center-ctl upgrade registration-cert --reg-cert /path/to/registration.crt --reg-key /path/to/registration.key
    The new registration certificate should be installed in your Trust Center.