
How To - Replace expiring SSL Certificates

Preparing Staged Certificates

Purpose

This guide outlines the process for staging and replacing SSL Decryption (MiTM) certificates within iBoss.
It ensures certificates are renewed in a controlled manner to avoid user disruption and maintain continuous SSL inspection.

Scope

This procedure applies to:

  • All iBoss deployments using SSL Decryption
  • Managed and unmanaged endpoints connecting via the iBoss platform
  • Certificate lifecycle activities, including renewal, staging, deployment, and activation

This guide does not cover:

  • Initial SSL Decryption setup
  • Detailed MDM configuration steps for individual device types

Before You Start

  • Ensure you have admin access to the iBoss console
  • Check the current certificate expiry date in SSL Decryption settings
  • Plan to complete this process before expiry (alerts begin ~90 days prior)

Step 1: Generate a New Certificate

  1. Navigate to SSL Decryption in the admin console (found under the Network Tab)
  2. Select “Generate and Download New MITM Root Certificate”
  3. Open the downloaded file
  4. Copy the full certificate content (including BEGIN/END lines)

Step 2: Add the Staged Certificate

  1. In SSL Decryption settings, expand SSL Decryption Certificate
  2. Paste the certificate into:
    “Staged SSL Decryption Certificate (PEM)”
  3. Click Save
  4. Confirm both active and staged certificate expiry dates are visible

Step 3: Deploy the Certificate to Devices

Automatic Deployment

  • Windows & Linux: Installed automatically via Cloud Connector

Manual / MDM Deployment Required

  • macOS, iOS, Android, Chromebook
  • Use your MDM or endpoint management tool
  • Install as a trusted root certificate (system level)

Step 4: Validate Deployment

  • Ensure all endpoints have received the staged certificate
  • Do not proceed until coverage is confirmed
  • This prevents SSL errors or user disruption
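
One way to confirm coverage before activation, as an added example (not iBoss tooling or part of the original guide): fingerprint the staged PEM and check that it appears in each endpoint's trusted-root bundle. It assumes your MDM or endpoint tool can export each device's trusted roots as PEM; the hostnames, store contents and function names are hypothetical.

```python
import base64, hashlib, re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """Return SHA-256 fingerprints (over DER bytes) of every block in a PEM string."""
    out = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        out.append(hashlib.sha256(der).hexdigest())
    return out

def staged_fingerprint(pem_text):
    """The staged field must hold exactly one full block, BEGIN/END lines included."""
    fps = fingerprints(pem_text)
    if len(fps) != 1:
        raise ValueError(f"expected one certificate block, found {len(fps)}")
    return fps[0]

def coverage(staged_pem, endpoint_stores):
    """endpoint_stores maps endpoint name -> trusted-root PEM bundle.
    Returns (ready, endpoints still missing the staged certificate)."""
    want = staged_fingerprint(staged_pem)
    missing = sorted(name for name, bundle in endpoint_stores.items()
                     if want not in fingerprints(bundle))
    return (not missing, missing)

def _fake_pem(seed):
    # Constructed placeholder bytes, not a real certificate: enough to exercise
    # the PEM framing and fingerprint comparison offline.
    b64 = base64.b64encode(hashlib.sha512(seed).digest() * 4).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"

OLD_ROOT, NEW_ROOT = _fake_pem(b"active-root"), _fake_pem(b"staged-root")
# Constructed inventory: hostnames and store contents are hypothetical.
STORES = {
    "mac-014": OLD_ROOT + NEW_ROOT,
    "ipad-207": OLD_ROOT,            # staged root not yet pushed
    "chromebook-033": OLD_ROOT + NEW_ROOT,
}

if __name__ == "__main__":
    ready, missing = coverage(NEW_ROOT, STORES)
    print("safe to activate" if ready else f"hold activation, missing on: {missing}")
```

Matching on the fingerprint rather than the certificate name matters here because the old and new MITM roots may carry the same subject.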

Step 5: Activate the New Certificate

  1. Go to SSL Decryption Certificate settings
  2. Copy the staged certificate
  3. Paste it into the active certificate field, replacing the old one
  4. Clear the staged field
  5. Click Save

Important Notes

  • Default certificate validity is 397 days
  • Longer validity may cause Apple device trust issues
  • Always complete staging before expiry

If the Certificate Has Already Expired

  • Users may experience HTTPS connection failures
  • Temporarily disable SSL Decryption:
    • Disable Proxy SSL Decryption (and/or Transparent if used)
  • Generate and deploy a new certificate
  • Re-enable SSL Decryption once endpoints are updated