eSync security certificates expiring 1/1/2019

eSync security certificates will expire on January 1st, 2019. This is problematic in 9.3, where SSL secured endpoints were first used with eSync. When the certificates expire in 9.3, eSync will give an Object Reference error.

Versions prior to 9.3 should not be affected by this error. However, if issues are encountered due to the expiring certs, see below.

A new Security Configurator has been developed which creates certificates that expire ten years in the future. The existing certificates will need to be removed and new certs created with the new generator.

  1. Remove the existing security certificates. 
  2. Back up the existing security configurator folder (note that the path will be slightly different in 8.x versions).
    "C:\Program Files (x86)\Ektron\CMS400vXX\Utilities\SecurityConfig\SecurityConfigurator\"
  3. If on 91SP3, 92SP2 or 93, update to the latest service update for the applicable version. At the time of this writing, the latest service update for 9.3 is 9.3SP1.
    Downloads and Release Notes 

    If on 8.x or 9.0 versions, the security configurator folder will need to be replaced manually with the new one. Make sure to grab the appropriate version. This has not been tested with Windows Server 2003.
    SecurityConfigurator.zip

  4. Regenerate and exchange certificates between the servers. 
    Ektron Documentation
    In the eSync section, follow steps at Synchronizing Servers Using eSync > Managing eSync Security Certificates > Regenerating security certificates.


    9.3 Workaround

    If you are using 9.3, a workaround can be implemented by disabling the eSync SSL secured endpoints setting in the Ektron Windows Service (EWS) config. This causes sync to work the same way it did prior to 9.3.

 

  1. Open the EWS config
    <Drive>:\Program Files (x86)\Ektron\EktronWindowsService40\Ektron.ASM.EktronServices40.exe.config
  2. Change the following setting to true if it is false.
    <add key="EnableNonSSLEndpoints" value="true" />
  3. Restart the Ektron Windows Service. 
  4. Repeat on other syncing servers.
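
The workaround steps above can be scripted so the change is backed up and easy to revert once new certificates are in place. This is an added example, not Ektron's own tooling; the function name `Set-EwsNonSslEndpoints` and the `-ServiceName` parameter are hypothetical, and the script assumes it is run elevated on each syncing server with `-ConfigPath` pointing at the EWS config from step 1.

```powershell
# Added example, not Ektron code: apply the 9.3 workaround on one server.
# Assumptions: elevated session; -ConfigPath is the EWS config from step 1;
# -ServiceName is supplied by the operator (the real name is not on the page).
function Set-EwsNonSslEndpoints {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ConfigPath,
        [string]$ServiceName   # hypothetical placeholder; look it up locally
    )

    if (-not (Test-Path -LiteralPath $ConfigPath)) {
        throw "EWS config not found: $ConfigPath"
    }
    $full = (Resolve-Path -LiteralPath $ConfigPath).Path

    # PreserveWhitespace keeps the file diff down to the one attribute
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($full)

    $node = $xml.SelectSingleNode("//add[@key='EnableNonSSLEndpoints']")
    if ($null -eq $node) {
        throw 'EnableNonSSLEndpoints key is missing; file left untouched.'
    }

    $old = $node.GetAttribute('value')
    if ($old -ieq 'true') {
        Write-Output "Already true on $env:COMPUTERNAME; nothing to change."
        return
    }

    if ($PSCmdlet.ShouldProcess($full, "Set EnableNonSSLEndpoints $old -> true")) {
        # Timestamped copy so the setting can be restored later
        $backup = "$full.$(Get-Date -Format yyyyMMddHHmmss).bak"
        Copy-Item -LiteralPath $full -Destination $backup
        $node.SetAttribute('value', 'true')
        $xml.Save($full)
        Write-Output "Changed $old -> true; backup at $backup"

        if ($ServiceName) {
            Restart-Service -Name $ServiceName   # step 3
        } else {
            Write-Warning 'Restart the Ektron Windows Service manually (step 3).'
        }
    }
}
```

Run it with `-WhatIf` first to see the pending change without writing the file, then repeat on each syncing server as in step 4.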