SSL certificate expiry

Hi Team,
My ignition SSL certificate is going to expire by next month.
i want to know what all the steps that needs to be followed once the new certificate is generated. How to generate the new certificate?
Do i need to upload again in gateway? if yes where i need to upload.

Also when i am changing the new certificates will it affect the data flow? we are using MQTT & in-built drivers for data transmission.
Does it require any restart of ignition server?

since i am doing this for first time i need some guidance.

Thanks in advance.

Assuming HTTPS cert, here’s a good starting point:

A new HTTPS cert can be updated live, with no impact to production. You do not need to wait until the old cert expires. As soon as you have a new one (either purchased from a Certificate Authority, or a self-signed), you can import it.

Thanks for your response.
will it affect the MQTT connections during the renewal?

Also, i have redundant servers. so, SSL needs to be renewed separately in both master and backup servers, right?

The certificates needs to be updates on each server. Updating on each server has no complications as long as the old certificate has not expired.

1 Like

Before I steer you in the wrong direction, it might be best to clearly identify which certificates are expiring.
There are different certificates used throughout Ignition for different purposes. I started typing them out and linking to each, then found a page that Inductive already compiled: Security Certificates

Regarding Web Server SSL only, both of your gateways will host their own web server and will therefore need certs to be updated in each server manually - should have no impact to external devices using that connection - all as @aryavani.m mentioned above. This is one of the few things that does not sync between redundant gateways.

yes, i want to renew web server SSL certificate only.
Thanks for your clarification.