Replace the Server Certificate

If you encounter a certificate error after installing the Imprivata PatientSecure server for release 6.11, you can replace the server certificate without reinstalling the PatientSecure server:

  • Replacing the server certificate using a .PFX certificate (recommended)

  • Replacing the server certificate using a .CER certificate

NOTE:

Replacing a server certificate is performed in the Internet Information Services (IIS) Manager on your Windows Server. The steps may vary depending on your version of Windows Server and IIS.
For more information on server certificates, see the IIS documentation for your Windows Server version.

Before You Begin

Consider the following items before you replace the server certificates:

  • Ensure that you have successfully installed Admin Console

  • Ensure that users can access Admin Console over SSL (https://<server>/AdminConsole through remote desktop or by logging in directly to the server where Imprivata PatientSecure is installed.

Replacing the server certificate using a .PFX certificate (recommended)

To replace a .PFX server certificate:

  1. Start the Computer Management tool, navigate to the Internet Information Services (IIS) Manager.

    In Connections, select your server, and then double-click Server Certificates. The Actions panel includes options for your server certificate.

  2. From the Actions panel, select Import.

  3. In the Import Certificate dialog box:

    1. Enter the full path to your certificate .pfx file.

    2. Enter the associated password.

    3. Select Allow this certificate to be exported.

    4. Click OK.

      Your certificate is added under Server Certificates.

  4. In the Connections panel, click Default Web Site.

  5. In the Actions panel, click Bindings.

  6. In the Site Bindings dialog box, select the https entry for port 443, and then click Edit.

  7. In the Edit Site Bindings dialog box, click Select, and then select the new SSL certificate. Click OK twice to exit.

  8. Restart your site.

Replacing the server certificate using a .CER certificate

To replace a .CER server certificate:

  1. Start the Computer Management tool, navigate to the Internet Information Services (IIS) Manager.

  2. In Connections, select your server, and then double-click Server Certificates. The Actions panel includes options for your server certificate.

  3. Select the certificate you want to replace.

  4. In the Actions panel, click Enable Automatic Rebind of Renewed Certificate.

    The link changes to Disable Automatic Rebind of Renewed Certificate.

  5. While your Server Certificate is still selected, click Renew.

  6. In the Renew an Existing Certificate dialog box, select the Complete certificate renewal request and click Next.

  7. Click the ellipsis [], select your certificate .cer file, and then click Finish.

  8. Restart your site.

    If binding does not happen automatically for some configurations:

    1. Select Default Web Site > Bindings, and then select the https entry for port 443 and click Edit.

    2. In the Edit Site Binding dialog box, click Select, and then select CertCreatedWithCertGen.

    3. Click OK.