SecureAuth IdP Appliance Certificate Renewal Utility (ACRU)
Warning
Be sure that all of the Prerequisites have been met before installing and running the ACRU
For any questions regarding the Prerequisites as they pertain to the existing environment, please contact SecureAuth Support
Introduction
Use this guide to install, run (update), and confirm the actions of the SecureAuth IdP Appliance Certificate Renewal Utility (ACRU).
The ACRU tool is for use on SecureAuth IdP pre-8.1 appliances to update the Operating System (OS) to support SecureAuth's new SecureAuth IdP SHA256 Cloud Web Service. ACRU updates all of the certificate information to reflect the SHA-2 hashing algorithm and updates the URLs used by the appliance to communicate with the SecureAuth cloud services.
Prerequisites
1. If SecureAuth IdP is integrated with any VPN or Gateway (Juniper, Cisco, Citrix, F5) using a vendor-specific thick client and a native X.509 personal certificate, then upload the SecureAuth CA Public Certificates to the VPN or Gateway, and all client workstations before running the ACRU
If no VPNs or Gateways are integrated with SecureAuth IdP, then the ACRU can be utilized immediately
2. If any Firewalls are in place, open the following ports to enable access the necessary IP Addresses and URLs:
TCP 80 and 443 - IP: 208.82.207.89; URL: cloud.secureauth.com / us-cloud.secureauth.com
TCP 80 and 443 - IP: 208.74.31.114; URL: trx.secureauth.com / us-trx.secureauth.com
TCP 80 and 443 - IP:146.88.110.112: URL: cloud.secureauth.com / us-cloud.secureauth.com
TCP 80 and 443 - IP:146.88.110.114;URL: trx.secureauth.com / us-trx.secureauth.com
TCP 80 and 443 - IP: 162.216.42.110; URL: cloud.secureauth.com / us-cloud.secureauth.com
TCP 80 and 443 - IP: 162.216.42.111; URL: trx.secureauth.com / us-trx.secureauth.com
TCP 443 - See SecureAuth cloud services IP Addresses; URL: us-audit.secureauth.com
TCP 443 - See SecureAuth cloud services IP Addresses; URL: us-services.secureauth.com
3. Download the SecureAuth IdP Appliance Certificate Renewal Utility
Filename: SecureAuthApplianceCertificateRenewalUtility.msi
Filesize: 856 KB (876,544 bytes)
MD5 hash: c15520a622ae207e07be3f67a9ce4535
ACRU Steps
ACRU Installation
1. Locate and open (double-click) the downloaded ACRU file, SecureAuthApplianceCertificateRenewalUtility.msi
![]() |
Open File
![]() |
2. Click Run to open the file
ACRU Installation Wizard
3. Once the ACRU Installation Wizard opens, click Next
![]() |
4. Leave the values as default, and click Next
![]() |
5. Click Next to confirm the installation
![]() |
6. Click Close to complete the installation
![]() |
Run ACRU
7. Once the ACRU Tool is installed, locate it in Drive-C -> Program Files (x86) -> SecureAuth -> ApplianceCertRenewalUtility
![]() |
8. Open (double-click) the SecureAuth.Tool.ApplianceCertRenewUtility.exe file
ACRU Update Wizard
9. Once the ACRU Update Wizard opens, leave the configurations as default and click Start
![]() |
Select Through importing a PFX file only if explicitly instructed to do so by SecureAuth
Note
If a proxy is configured on the SecureAuth IdP appliance, click Proxy Settings first
Proxy Settings
![]() |
1. Check Use a proxy server for your internet connection
2. Provide the Proxy Server Address, Proxy Server Port, Proxy Username, and Proxy Password
3. Click Close
Note
A Check SecureAuth file sync windows service prompt may appear; if so, ensure that all file sync windows services are stopped and click Yes
![]() |
Progress
10. Wait for the ACRU Tool to update
![]() |
Note
A Reset IIS prompt may appear; if so, click Yes to reset IIS
![]() |
ACRU Update Wizard Complete
11. Once the ACRU updates are complete, click Close
![]() |
SecureAuth IdP Web Admin
12. Start Internet Explorer and click the SecureAuth Admin bookmark
![]() |
13. On the initial screen, click Update WebConfig
Update WebConfig
14. Click Update and see the Results listed and Update Complete when it is finished
![]() |
Warning
For SecureAuth IdP versions 8.0.0 and earlier, the Transaction (Trx) Log URL must be modified to avoid license errors
See below for more information
Confirm Changes
Once the installation and update has been completed, confirm that the changes have been applied to the appliance's OS
Certificates Console
In the Certificates Console, open (double-click) the SecureAuth G3 certificate
![]() |
Old SHA-1 certificates may still be present in the Certificates Console, so be sure to select the correct one
Certificate Details
In the Details section, ensure that the Signature algorithm is sha256RSA, and that the Signature hash algorithm is sha256
![]() |
SecureAuth IdP Web Admin - System Info
In the SecureAuth IdP Web Admin, in the System Info tab, the URLs in the WSE 3.0 / WCF Configuration section are updated to properly communicate with the SecureAuth cloud services
![]() |
Warning
For SecureAuth IdP versions 8.0.0 and earlier, in the Admin Realm (SecureAuth0), set the Trx Log Service URL to http://cloud.secureauth.com/trxservice/trx.svc/msg if True is selected from the Trx Use WSE 3.0 dropdown
Set the Trx Log Service URL to https://cloud.secureauth.com/trxservice/trx.svc if False is selected from the Trx Use WSE 3.0 dropdown
If a proxy is already configured on the appliance, the WSE 3.0 dropdowns and URLs are updated accordingly
Refer to Web Proxy Server Configuration Guide for more information
Warning
SecureAuth recommends to select False from the Trx Use WSE 3.0 dropdown, and set the Trx Log Service URL to https://cloud.secureauth.com/trxservice/trx.svc to utilize HTTPS encryption rather than Message Level Encryption (msg)
Related Documentation
SecureAuth cloud services
SecureAuth SecureAuth ACRU Lite