SSL Certificate Renewals | Axero Documentation

Introduction

An SSL (Secure Sockets Layer) certificate authenticates your site's identity and enables an encrypted connection between your users and your intranet. SSL certificates have a finite lifespan and must be renewed before they expire to maintain site accessibility.

Overview

• Introduction
• When to Renew
• Renew Your SSL Certificate
• Troubleshooting
• Additional Resources
• Support and Feedback

When to Renew

Renew your SSL certificate at least two weeks before it expires. An expired certificate causes browsers to display a security warning and can prevent users from accessing your site entirely.

To check your current certificate's expiration date, click the padlock icon in your browser's address bar while on your Axero site. The certificate details will display the expiration date.

Renew Your SSL Certificate

To renew a self-managed SSL certificate on your Axero site, submit a private support case with the required files:

1. Obtain the renewed certificate from your certificate authority in .pfx format.

   Tip: If your certificate authority provides separate .crt and .key files instead of a .pfx file, you can convert them using OpenSSL:
   
   openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt
   
   You will be prompted to set a password for the .pfx file. If you are unfamiliar with this process, contact your certificate authority and request the certificate in .pfx format directly.

2. Navigate to Axero Online Support and create a new private case.
3. In the case description, provide the following information, attach the ZIP file containing your .pfx certificate, and submit the case:

   Item	Description
   Domain name	The complete domain name the SSL certificate applies to (e.g., intranet.yourdomain.com or *.yourdomain.com for a wildcard certificate)
   SSL certificate file	A ZIP file containing your SSL certificate in .pfx format
   Password	The password for the .pfx file

After the Axero team installs your renewed certificate, you will receive confirmation through your support case. No site restart or downtime is required.

Troubleshooting

Site displays a security warning or is inaccessible

Your SSL certificate may have expired. Check the expiration date by clicking the padlock icon in your browser. If the certificate has expired, submit a renewal immediately through a private support case. Contact your Technical Account Manager if urgent assistance is needed.

Certificate installation fails due to password mismatch

The password provided in your support case does not match the password set on the .pfx file. Re-export the .pfx file with a known password and resubmit it through your support case.

Certificate does not match the domain

The domain name on the certificate must exactly match your site's domain. For example, a certificate issued for www.yourdomain.com will not work for yourdomain.com. Verify the domain name with your certificate authority and reissue if necessary. A wildcard certificate (e.g., *.yourdomain.com) covers all subdomains but does not cover the root domain itself.

Certificate file is not in .pfx format

Axero requires certificates in .pfx (PKCS#12) format. If your certificate authority provided separate .crt and .key files, use the OpenSSL command in the renewal steps above to convert them, or request a .pfx file from your certificate authority.

Additional Resources

• For an overview of domain options and DNS configuration, see Domain Configuration.
• After configuring your domain, review Content Security Policy (CSP) to control which external sources your platform can load resources from.
• For security best practices related to login, sessions, and access control, see Site Security Best Practices.

Support and Feedback

If you need assistance with SSL certificate renewals or have questions about certificate requirements, submit a support case.