Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
Documentation Index
Networking
VPN
VPN Certificates
About VPN Certificates
Manage VPN Certificates
Renew Certificates
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Education & Outreach
Support & Repair
Information Security Office (ISO)

Renew a Certificate

When you downloaded your VPN certificate from NetReg, it was set to expire in 365 days. When you begin to approach this expiration, the Cisco VPN Client will display warning messages. Follow the instructions below to generate and import a new VPN certificate before the expiration of your existing certificate.

Step 1: Revoke the expiring certificate

NetReg will not permit more than one certificate per hostname. Therefore, you must revoke the certificate that is expiring before you can generate a new certificate to replace it. Follow the instructions provided to Revoke a Certificate.

Step 2: Generate and Download a new VPN certificate

  1. Go to http://netreg.net.cmu.edu/
  2. Review the information provided on the Network Registration page and click Enter at the bottom of the display.
  3. Log in at the WebISO screen using your Andrew userID and password. The Network Registration page displays.
  4. Under Registered Machines, select the hostname for your registered VPN connection.
  5. The Machine Information page displays. Click Manage Certificates in the top right corner.


  6. The Certificate Authority page displays. Click Generate New Certificate.

  7. The Issue a New Certificate page displays. Click Issue Certificate.


  8. The Certificate Authority page redisplays with the new certificate listed. Click Download Certificate.

  9. The Specify Certificate Encryption Information page displays. Enter an "import" password for the certficate and then re-enter the password to confirm it. Click Download Certficate. When you downloaded your original certificate, we recommended that you create a VPN Certificates directory. Save the certificate to this directory.


  10. Once you have downloaded the certificate, click Signoff at the top of the NetReg page to signoff and exit the NetReg system.

Step 3: Delete the old VPN certificate

The next step is to delete the expiring certificate from the Cisco VPN Client. Follow the instructions provided earlier on this page to Delete a Certificate.

Step 4: Import the new VPN certificate

Now that you've deleted the expiring certificate, you must import the new certificate that you generated and downloaded from NetReg. The steps to import this new certificate are identical to those used when you originally setup your VPN Client. Please see Step 3: Import VPN Certificate from the Cisco Systems VPN: Install, Configure and Connect document.

Last Updated: 12/11/07