Renewing the IBM MaaS360 VPN module server certificate

The document provides steps for renewing certificates that are expired and certificates that are about to expire. These certificates are used by the IBM® MaaS360® VPN Module Server, which is configured within the Cloud Extender®.

Verifying the expiration dates

Verify the expiration dates of the IBM MaaS360 VPN module server certificate.
  1. Log in to the Cloud Extender Node, where the IBM MaaS360 VPN module is configured.
  2. Go to the directory C:\ProgramData\MaaS360\Cloud Extender\AR\DATA\VPN.
    Note: If the path is hidden and not visible, then you need to manually input the path into Windows Explorer.
  3. Open the file server.crt by double-clicking the file and checking for validity. The valid expiration dates are displayed on the window.
  4. If the certificate is expired, you must renew the certificate.

Renewing IBM MaaS360 VPN module server certificate

Renew the IBM MaaS360 VPN module server certificate.
  1. Open Cloud Extender Configuration Tool.
  2. Click the VPN module tile on the Cloud Extender Configuration Tool to open up the VPN configuration window.
  3. From the VPN configuration window, click the Edit icon.
  4. Click Next on the VPN Prerequisites Status screen. The Cluster Details panel is displayed.
  5. From the Cluster Details window, copy the configuration details. These details are required in the next steps.
  6. Once the configuration details are recorded, click Cancel and select Yes to confirm.
  7. Once again, click the VPN module tile on the Cloud Extender Configuration Tool to return to the VPN configuration window.
  8. In the VPN configuration window, select the Delete icon to delete the existing cluster and then click Yes to confirm.
  9. Create a cluster by selecting Setup a new VPN cluster, and click Next until the Cluster Details window is displayed.
  10. Enter the configuration details that were copied in the Step 5 into the Cluster Details window. Assign a unique name to the VPN Cluster.
  11. Click Next. The Validate and Test VPN Settings window is displayed
  12. Perform the two tests that are available and verify whether they succeed.
  13. Click Save to complete the new cluster configuration.
  14. To verify that the certificates are renewed successfully, go to the directory C:\ProgramData\MaaS360\Cloud Extender\AR\DATA\VPN, and double-click the server.crt file.
    Note: If the newly created file name is VPNCERT.crt, rename it to server.crt.
  15. The VPN Server certificate renewal is successful. You can now close the Certificate file, MaaS360 Config Tool, and Explorer window and exit from the remote desktop session.

Pushing VPN configurations to devices

Follow the steps to push the VPN configuration to devices through the IBM MaaS360 Portal.
  1. From the IBM MaaS360 Portal home page, go to Security > Policies.
  2. Click view under the policy, which is configured to use VPN. The policy details view is displayed.
  3. Go to Device Settings > VPN.
  4. Click Edit.
  5. In VPN Configuration, select MaaS360 VPN.
  6. Provide a name to your VPN profile and then select the previously configured cluster name in the Select VPN Server.
  7. Ensure that Maximum Connection Duration is set to a non-zero value.
  8. Publish the policy. The policy settings are applied to the devices.

Result: Users can now connect to IBM MaaS360 VPN to confirm access with updated certificates.