Creating a New SSL Certificate

When you configure SSL on the Apache web server during Vocera installation or afterward, an SSL certificate is created that is set to expire after 1825 days (5 years). The long duration of the certificate is intended for your convenience so that you do not need to replace it frequently on each Vocera Voice Server and on all Vocera smartphones. When the SSL certificate expires, you need to create a new one to enable access to the Administration Console and User Console and to allow Vocera smartphones to connect to the Vocera Voice Server. You can create the new SSL certificate while the Vocera Server is running. However, you need to stop the Apache2 and Tomcat services temporarily.

If SSL is disabled or the certificate has not expired yet, you do not need to create a new certificate. If the URL you use to access the Administration Console starts with https: instead of http:, SSL is enabled. Another way to check whether SSL is enabled is to look at the value of the VOCERA_SSL environment variable. When VOCERA_SSL is set to ON, SSL is enabled.

Important: If you have a Vocera Voice Server cluster, you should create a new SSL certificate on the standby node(s) first, and then create a new certificate on the active node.

To create a new SSL certificate when it has expired:

  1. On the Vocera Voice Server machine, choose Start > All Programs > Administrative Tools > Services to open the Services console.
  2. Stop the Apache2 and Tomcat services. Leave the Services console open.
  3. In the \apache\apache2\bin folder on the Vocera Voice Server, run cert.bat.
    This batch file creates a new self-signed certificate named server.crt in the \apache\apache2\conf\ssl folder. The certificate is valid for 1825 days (5 years) from the creation date. You can verify the expiration date of the certificate by opening the certificate file.
  4. In the Services console, start the Apache2 and Tomcat services.
  5. Close the Services console.