SecureAuth IdP Appliance Certificate Renewal Utility (ACRU)
Introduction
Use this guide to install, run (or update), and confirm the actions of the SecureAuth IdP Appliance Certificate Renewal Utility (ACRU).
The ACRU tool is for use on SecureAuth IdP pre-8.1 appliances to update the Operating System (OS) to support SecureAuth's new SecureAuth IdP SHA256 Cloud Web Service. ACRU updates all of the certificate information to reflect the SHA-2 hashing algorithm and updates the URLs used by the appliance to communicate with the SecureAuth cloud services.
Prerequisites
Warning
Be sure that all of the Prerequisites have been met before installing and running the ACRU.
For any questions regarding the Prerequisites as they pertain to the existing environment, please contact SecureAuth Support.
If SecureAuth IdP is integrated with any VPN or Gateway (Juniper, Cisco, Citrix, F5) using a vendor-specific thick client and a native X.509 personal certificate, then upload the SecureAuth CA Public Certificates to the VPN or Gateway, and all client workstations before running the ACRU.
If no VPNs or gateways are integrated with SecureAuth IdP, then the ACRU can be utilized immediately.
If any firewalls are in place, open the following ports to enable access to the necessary IP addresses and URLs:
TCP
IP
URL
TCP 80 and 443
208.82.207.89
cloud.secureauth.com / us-cloud.secureauth.com
TCP 80 and 443
208.74.31.114
trx.secureauth.com / us-trx.secureauth.com
TCP 80 and 443
146.88.110.112
cloud.secureauth.com / us-cloud.secureauth.com
TCP 80 and 443
146.88.110.114
trx.secureauth.com / us-trx.secureauth.com
TCP 80 and 443
162.216.42.110
cloud.secureauth.com / us-cloud.secureauth.com
TCP 80 and 443
162.216.42.111
trx.secureauth.com / us-trx.secureauth.com
TCP 443
us-audit.secureauth.com
TCP 443
us-audit.secureauth.com
Contact Support to download the SecureAuth IdP Appliance Certificate Renewal Utility file.
The name, size, and hash of this file is:
Filename: SecureAuthApplianceCertificateRenewalUtility.msi
Filesize: 856 KB (876,544 bytes)
MD5 hash: c15520a622ae207e07be3f67a9ce4535
Installing ACRU
To install ACRU, perform the following steps.
Locate and double-click to open the downloaded ACRU file, SecureAuthApplianceCertificateRenewalUtility.msi.
Click Run to open the file.
Once the ACRU Installation Wizard opens, click Next.
Leave the fields at their default values and click Next.
Click Next to confirm the installation.
The installation runs.
Once the installation is complete, click Close.
Proceed to the next section, Running ACRU.
Running ACRU
Once you have installed ACRU, perform these steps to run it.
Locate the ACRU Tool in Drive-C > Program Files (x86) > SecureAuth > ApplianceCertRenewalUtility.
Double-click to open the SecureAuth.Tool.ApplianceCertRenewUtility.exe file.
Once the ACRU Update Wizard opens, leave the configurations at their default values and click Start.
Note
Select the Through importing a PFX file option only if explicitly instructed to do so by SecureAuth. Otherwise, leave default the Through submitting a Certificate Signing Request option.
If a proxy is configured on the SecureAuth IdP appliance, click Proxy Settings before proceeding and perform the steps described in Proxy Settings.
To set proxy settings:
At the Proxy Settings dialog box, check Use a proxy server for your internet connection.
Provide the Proxy Server Address, Proxy Server Port, Proxy Username, and Proxy Password fields as required.
Click Close.
Note
A Check SecureAuth file sync windows service prompt may appear; if so, ensure that all file sync windows services are stopped and click Yes.
Wait for the ACRU Tool to update.
A Reset IIS prompt may appear; if so, click Yes to reset IIS.
Once the ACRU updates are complete, click Close.
Start your browser and click the SecureAuth Admin bookmark.
On the initial screen, click Update WebConfig.
Click Update and review the Results list. Once you've finished reviewing this list, click Update Complete.
Warning
For SecureAuth IdP versions 8.0.0 and earlier, the Transaction (Trx) Log URL must be modified to avoid license errors.
See SecureAuth IdP Web Admin- System Info below for more information.
Confirming changes to the appliance operating system
Once the installation and update has been completed, confirm that the changes have been applied to the appliance's OS. These changes include:
Certificates Console
In the Certificates Console, double-click to open the SecureAuth G3 certificate.
 |
Old SHA-1 certificates may still be present in the Certificates Console, so make sure to select the correct one. To do this, enter the Certificate Details page and examine it for old SHA-1 certificates as described below.
SecureAuth IdP Web Admin - System Info
In the SecureAuth IdP Web Admin, select the System Info tab and make sure the URLs in the WSE 3.0 / WCF Configuration section are updated to properly communicate with the SecureAuth cloud services.
 |
Warning
For SecureAuth IdP versions 8.0.0 and earlier, examine the Admin Realm (SecureAuth0) attributes to make sure:
If True is selected from the Trx Use WSE 3.0 option list, make sure the Trx Log Service URL field is set to http://cloud.secureauth.com/trxservice/trx.svc/msg.
If False is selected from the Trx Use WSE 3.0 option list, set the Trx Log Service URL field to https://cloud.secureauth.com/trxservice/trx.svc.
If a proxy is already configured on the appliance, the WSE 3.0 option list and URLs are updated accordingly.
Refer to Web Proxy Server Configuration Guide for more information.
Related Documentation
SecureAuth cloud services
SecureAuth SecureAuth ACRU Lite