How to change SSL certificate in On-Premise Console

Hello, how can I change SSL certificate in On-Premise Console?

I tried to replace server.jks with mine, but it always failed with these errors:

Field error in object ‘server.security’ on field ‘privateKey’: rejected value [C:\Program Files\AVAST Software\Management Console\console/certificates/clicrt_rsa-key.prv.der]; codes [methodInvocation.server.security.privateKey,methodInvocation.privateKey,methodInvocation.com.google.protobuf.ByteString,methodInvocation]; arguments [org.springframework.context.support.DefaultMessageSourceResolvable: codes [server.security.privateKey,privateKey]; arguments ; default message [privateKey]]; default message [Property ‘privateKey’ threw exception; nested exception is com.avast.crypto.KeyUtilityException: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error]

Field error in object ‘server.security’ on field ‘publicKey’: rejected value [C:\Program Files\AVAST Software\Management Console\console/certificates/clicrt_rsa-key.pub.der]; codes [methodInvocation.server.security.publicKey,methodInvocation.publicKey,methodInvocation.com.google.protobuf.ByteString,methodInvocation]; arguments [org.springframework.context.support.DefaultMessageSourceResolvable: codes [server.security.publicKey,publicKey]; arguments ; default message [publicKey]]; default message [Property ‘publicKey’ threw exception; nested exception is com.avast.crypto.KeyUtilityException: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException: ObjectIdentifier() – data isn’t an object ID (tag = -96)]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘securitySettings’: Could not bind properties to [unknown] (target=server.security, ignoreInvalidFields=false, ignoreUnknownFields=true, ignoreNestedProperties=false); nested exception is org.springframework.validation.BindException: org.springframework.validation.BeanPropertyBindingResult: 2 errors

I also tried to replace those DER files, but without success.

Same here, I need to update my certificate also (because we’re using the Let’s Encrypt 90-day versions), and there seems to be no way to do this in the console (and I’d rather not have to uninstall and reinstall every time). I can see where the .pfx ‘lives’ but you’d have to have a way to enter the password for these, not just replacing the file…

Support did get back to me on this one. When you generate the new certificate, just make sure its filename and pcks password match what’s in the config file (typically C:\Program Files\AVAST Software\Management Console\console\config\application-user-config.yml). if not, edit it, and replace the cert (typically found C:\Program Files\AVAST Software\Management Console\console\certificates) and restart the console / postgresql services and it seems to pick up fine.