Renew TLS Certificate
This section explains how to replace an existing, expiring, or compromised self-signed certificate with a new one — without changing the application’s code or TLS settings.
Generate the Certificate
- Use a tool such as OpenSSL to create the new certificate.
- Make sure it includes the correct Subject Alternative Name (SAN) or Common Name (CN) that matches the component’s hostname or IP address.
- The new certificate should also use a stronger key size and hash algorithm than the old one.
Download the Executable File
- Go to the following link to download the executable file (https://uploads.tenable.com/files/cfbd6fcd-d70c-439d-9948-8d2b206f1b84/download).
- Download the file.
- Save the file to a secure location on your system.
- Verify the file integrity by checking its SHA-256 hash: 2d3909d4208702360648d885638fe0dc2cb8298f5321348d5bf1dd8f908044bf
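The hash check in the last step can be scripted so that a mismatch stops the procedure before the file is ever run. The following is an added example, not part of the original page or the vendor's tooling; the save location in $ExePath and the function name Test-FileSha256 are assumptions.

```powershell
# Added example. $ExePath is an assumed save location; adjust it to where you saved the download.
param(
    [string]$ExePath = 'C:\Secure\Renew-Self-signed-certificate.exe'
)

# SHA-256 value published on this page for the download.
$ExpectedSha256 = '2d3909d4208702360648d885638fe0dc2cb8298f5321348d5bf1dd8f908044bf'

# Test-FileSha256 is a hypothetical helper name, not a built-in cmdlet.
function Test-FileSha256 {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected
    )

    # Normalise the published value and reject anything that is not a full digest,
    # so a truncated or mistyped copy cannot produce a misleading result.
    $want = $Expected.Trim().ToLowerInvariant()
    if ($want -notmatch '^[0-9a-f]{64}$') {
        throw 'Expected value is not a 64-character hexadecimal SHA-256 digest.'
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Get-FileHash returns upper-case hex; lower-case it before comparing.
    $got = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()

    [pscustomobject]@{
        Path     = (Resolve-Path -LiteralPath $Path).Path
        Expected = $want
        Actual   = $got
        Match    = ($got -eq $want)
    }
}

$result = Test-FileSha256 -Path $ExePath -Expected $ExpectedSha256
$result | Format-List

if (-not $result.Match) {
    # Stop here: a file that does not match the published hash must not be executed.
    throw "SHA-256 mismatch for $ExePath. Delete the file and download it again."
}
Write-Host 'Hash verified. Continue with the steps for your architecture.'
```

Run the check on each server where the executable will be launched, since the file may be copied between hosts after download.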
Standard Architecture
- Connect to the Storage Manager (SM), Security Engine Node (SEN), and the Directory Listener (DL) servers using an administrator account.
- Open a PowerShell terminal as an administrator.
- Run the executable file with the following parameters.

      PS C:\> .\Renew-Self-signed-certificate.exe -StorageManagerIp "SM host" -SecurityEngineNodeIp "SEN Host" -DirectoryListenerIp "DL Host"
Distributed Architecture
- Connect to the Storage Manager (SM), Security Engine Nodes (SEN1, SEN2, SEN3), and the Directory Listener (DL) servers using an administrator account.
- Open a PowerShell terminal as an administrator.
- Run the executable file with the following parameters.

      PS C:\> .\Renew-Self-signed-certificate.exe -StorageManagerIp "SM host" -SecurityEngineNodeIp "SEN1 Host, SEN2 Host, SEN3 Host, SEN4 Host, SEN5 Host" -DirectoryListenerIp "DL Host"