Skip to content

Upgrade Digital Certificates used by Reflection X Domains

Digital certificates are used in domain mode for authenticating domain nodes and the domain controller. Starting with version 17.0, these certificates use RSA keys for TLS key exchange. The domain controller and nodes cannot communicate until these certificates are upgraded. If you have upgraded from the 16.2 version without upgrading the certificates, the domain doesn’t start and logs the following error message in the rxs.log file:

ERROR [...] The domain root certificate was generated by an earlier version of Reflection X that used DSA keys for TLS key exchange. Reflection X now creates certificates using RSA. See the "Upgrade Digital Certificates used by Reflection X Domains" help topic for details.

To upgrade your domain to use certificates with RSA keys

  1. Stop the Micro Focus Reflection X Service on the domain controller and on any domain nodes.

  2. Locate the Reflection X Service configuration files on the domain controller and all domain nodes. The certificates are located in the conf subfolder. Delete all certificates (*.cer) and any associated private key files (same base file name as a certificate with no file extension) from the controller and nodes.

    note

    Do not delete the *.xml files in the conf folder.

  3. Restart the service on the domain controller and nodes. This step generates new certificates and keys to replace the ones you deleted.

  4. Log onto X Administrative Console and delete all node definitions. (These will all have a red slash through them indicating that they are not available.)

  5. On each node, use rxsconfig to leave the domain. You should see a message like the following:

    Unable to remove node 0.0.0.0:22001 from domain domainname. Proceeding with local deletion.

    Deleted node 0.0.0.0:22001 for domain domainname

  6. Use rxsconfig to rejoin each node to the domain.

Back to top