Skip to main content

SecureAuth IdP Appliance Certificate Renewal Utility (ACRU)

Warning

Be sure that all of the Prerequisites have been met before installing and running the ACRU

For any questions regarding the Prerequisites as they pertain to the existing environment, please contact SecureAuth Support

Introduction

Use this guide to install, run (update), and confirm the actions of the SecureAuth IdP Appliance Certificate Renewal Utility (ACRU).

The ACRU tool is for use on SecureAuth IdP pre-8.1 appliances to update the Operating System (OS) to support SecureAuth's new SecureAuth IdP SHA256 Cloud Web Service. ACRU updates all of the certificate information to reflect the SHA-2 hashing algorithm and updates the URLs used by the appliance to communicate with the SecureAuth cloud services.

Prerequisites

1. If SecureAuth IdP is integrated with any VPN or Gateway (Juniper, Cisco, Citrix, F5) using a vendor-specific thick client and a native X.509 personal certificate, then upload the SecureAuth CA Public Certificates to the VPN or Gateway, and all client workstations before running the ACRU

If no VPNs or Gateways are integrated with SecureAuth IdP, then the ACRU can be utilized immediately

2. If any Firewalls are in place, open the following ports to enable access the necessary IP Addresses and URLs:

  • TCP 80 and 443 - IP: 208.82.207.89; URL: cloud.secureauth.com / us-cloud.secureauth.com

  • TCP 80 and 443 - IP: 208.74.31.114; URL: trx.secureauth.com / us-trx.secureauth.com

  • TCP 80 and 443 - IP:146.88.110.112: URL: cloud.secureauth.com / us-cloud.secureauth.com

  • TCP 80 and 443 - IP:146.88.110.114;URL: trx.secureauth.com / us-trx.secureauth.com

  • TCP 80 and 443 - IP: 162.216.42.110; URL: cloud.secureauth.com / us-cloud.secureauth.com

  • TCP 80 and 443 - IP: 162.216.42.111; URL: trx.secureauth.com / us-trx.secureauth.com

  • TCP 443 - See SecureAuth cloud services IP Addresses; URL: us-audit.secureauth.com

  • TCP 443 - See SecureAuth cloud services IP Addresses; URL: us-services.secureauth.com

3. Download the SecureAuth IdP Appliance Certificate Renewal Utility

  • Filename: SecureAuthApplianceCertificateRenewalUtility.msi

  • Filesize: 856 KB (876,544 bytes)

  • MD5 hash: c15520a622ae207e07be3f67a9ce4535

ACRU Steps

ACRU Installation

1. Locate and open (double-click) the downloaded ACRU file, SecureAuthApplianceCertificateRenewalUtility.msi

35456217.png

Open File

35456218.png

2. Click Run to open the file

ACRU Installation Wizard

3. Once the ACRU Installation Wizard opens, click Next

35456219.png

4. Leave the values as default, and click Next

35456220.png

5. Click Next to confirm the installation

35456221.png

6. Click Close to complete the installation

35456222.png

Run ACRU

7. Once the ACRU Tool is installed, locate it in Drive-C -> Program Files (x86) -> SecureAuth -> ApplianceCertRenewalUtility

35456223.png

8. Open (double-click) the SecureAuth.Tool.ApplianceCertRenewUtility.exe file

ACRU Update Wizard

9. Once the ACRU Update Wizard opens, leave the configurations as default and click Start

35456224.png

Select Through importing a PFX file only if explicitly instructed to do so by SecureAuth

Note

If a proxy is configured on the SecureAuth IdP appliance, click Proxy Settings first

Proxy Settings

35456226.png

1. Check Use a proxy server for your internet connection

2. Provide the Proxy Server Address, Proxy Server Port, Proxy Username, and Proxy Password

3. Click Close

Note

A Check SecureAuth file sync windows service prompt may appear; if so, ensure that all file sync windows services are stopped and click Yes

35456225.png

Progress

10. Wait for the ACRU Tool to update

35456227.png

Note

A Reset IIS prompt may appear; if so, click Yes to reset IIS

35456228.png

ACRU Update Wizard Complete

11. Once the ACRU updates are complete, click Close

35456229.png

SecureAuth IdP Web Admin

12. Start Internet Explorer and click the SecureAuth Admin bookmark

35913838.png

13. On the initial screen, click Update WebConfig

Update WebConfig

14. Click Update and see the Results listed and Update Complete when it is finished

35913839.png

Warning

For SecureAuth IdP versions 8.0.0 and earlier, the Transaction (Trx) Log URL must be modified to avoid license errors

See below for more information

Confirm Changes

Once the installation and update has been completed, confirm that the changes have been applied to the appliance's OS

Certificates Console

In the Certificates Console, open (double-click) the SecureAuth G3 certificate

35456230.png

Old SHA-1 certificates may still be present in the Certificates Console, so be sure to select the correct one

Certificate Details

In the Details section, ensure that the Signature algorithm is sha256RSA, and that the Signature hash algorithm is sha256

35456231.png

SecureAuth IdP Web Admin - System Info

In the SecureAuth IdP Web Admin, in the System Info tab, the URLs in the WSE 3.0 / WCF Configuration section are updated to properly communicate with the SecureAuth cloud services

35456232.png

Warning

For SecureAuth IdP versions 8.0.0 and earlier, in the Admin Realm (SecureAuth0), set the Trx Log Service URL to http://cloud.secureauth.com/trxservice/trx.svc/msg if True is selected from the Trx Use WSE 3.0 dropdown

Set the Trx Log Service URL to https://cloud.secureauth.com/trxservice/trx.svc if False is selected from the Trx Use WSE 3.0 dropdown

If a proxy is already configured on the appliance, the WSE 3.0 dropdowns and URLs are updated accordingly

Refer to Web Proxy Server Configuration Guide for more information

Warning

SecureAuth recommends to select False from the Trx Use WSE 3.0 dropdown, and set the Trx Log Service URL to https://cloud.secureauth.com/trxservice/trx.svc to utilize HTTPS encryption rather than Message Level Encryption (msg)

Related Documentation

  • SecureAuth cloud services

  • SecureAuth SecureAuth ACRU Lite