Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Installation

Client Certificate Renewal in Linux/Windows

search

Please Note:

printsuggest an edit

Client Certificate Renewal in Linux/Windows

Note

MS Cert store is not supported.
• The NAE_IP parameter must be same in both the configuration files for client certificate renewal.

This section provide information on how client certificate renewal will be implemented in CADP For C (Linux/Windows).

copy link to clipboardUtility for Certificate Renewal

While installing CADP for C, if you chose to proceed with registration token, the installer internally calls 'cadp_for_basic' utility with registration token to register a client.

The utility returns the following status:

  • Success:

    • Linux - An entry (job) for client certificate renewal is added to the Crontab.

    • Windows - An entry (job) for client certificate renewal is added to the Window Task Scheduler.

  • Failed: Check the 'cadp_c_basic.log' file for the reason.

The cadp_for_basic utility can be called through the following ways:

  1. Manually

    To call the utility manually, execute the following command:

    cadp_for_basic -d <CADP_For_C Installation Path> --renew_cert --force_update

  2. Auto

    A scheduler for certificate renewal is automatically added to:

    • Crontab (Linux)

    • Windows Task Scheduler (Windows) - A task CipherTrust\CADP_for_C\Cert_Expiry_Check_n_Update is added to the Windows Task scheduler.

    This scheduler will run daily at 12:00 p.m. (as per Client system timezone). If the certificates are due for renewal, the utilities present in the installed directory will update the certificates and configuration file to renew the certificates. 

    cadp_for_basic -d <CADP_For_C Installation Path> --renew_cert

    where,

    • renew_cert: is the utility that checks expiration time of the certificates for the time interval (x) between 90 to 60 days and shows a notification log 'Your certificates are going to be renewed in next days' in cadp_c_basic.log. Here, <x> will be 60 <= x <=90.

      If the remaining time is equal to 60 days it will renew the certificates and shows a notification log 'Your certificates are auto renewed successfully' in cadp_c_basic.log.

    • force_update: If this flag is given along with --renew_cert, then utility will not check remaining time of certificates expiration and will forcefully renew the certificates at that instant and shows a notification log 'Your certificates are renewed successfully' in cadp_c_basic.log.

This utility also provides a feature to return the number of days remaining for certificate expiration by executing the following command:

Example

cadp_for_c_basic  -d <CADP_For_C Installation Path> --checkCertExpiry

Output:

Client Cert Expiration Days Remaining: <x>

copy link to clipboardSample Commands

copy link to clipboardLinux

  • To fetch the number of days remaining for certificate expiration: 

    cadp_for_c_basic -d "/opt/CipherTrust/CADP_for_C/" --checkCertExpiry

  • To force renew the certificates:

    cadp_for_c_basic -d "/opt/CipherTrust/CADP_for_C/" --renew_cert --force_update

copy link to clipboardWindows

  • To fetch the number of days remaining for certificate expiration: 

    cadp_for_c_basic.exe  -d "C:\Program Files\CipherTrust\CADP_for_C\\" --checkCertExpiry

  • To force renew the certificates:

    cadp_for_basic.exe -d "C:\Program Files\CipherTrust\CADP_for_C\\" --renew_cert --force_update

On this page