Creating a New SSL Certificate

When you configure SSL on the Apache web server during Vocera installation or afterward, an SSL certificate is created that is set to expire after 1825 days (5 years). The long duration of the certificate is intended for your convenience so that you do not need to replace it frequently. When the SSL certificate expires, you need to create a new one to enable access to the Vocera Report Console. You can create the new SSL certificate while the Vocera Report Server is running. However, you need to stop the Apache2 and Tomcat services temporarily.

If SSL is disabled or the certificate has not expired yet, you do not need to create a new certificate. If the URL you use to access the Report Console starts with https: instead of http:, SSL is enabled. Another way to check whether SSL is enabled is to look at the value of the VOCERA_SSL environment variable. When VOCERA_SSL is set to ON, SSL is enabled.

Use the following steps to create a new SSL certificate when it has expired:

  1. On the Vocera Report Server machine, choose Start > All Programs > Administrative Tools > Services to open the Services console.
  2. Stop the Apache2 and Tomcat services. Leave the Services console open.
  3. In the \apache\apache2\bin folder on the Vocera Report Server, run cert.bat.
    This batch file creates a new self-signed certificate named server.crt in the \apache\apache2\conf\ssl folder. The certificate is valid for 1825 days (5 years) from the creation date. You can verify the expiration date of the certificate by opening the certificate file.
  4. In the Services console, start the Apache2 and Tomcat services.
  5. Close the Services console.