Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 4560 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot update console ports / certificates because of BAP

oxident

Hi!

I've tried to change the appliance's certificate but whenever I click on Apply, my XG complains about the Console / User Portal ports:

"You cannot update the default Admin Console Port as it is used in Business Application Policy"

That's quite strange because I didn't even touched the console port values (still at default 4444/4445) and I don't have any BAP configured which could conflict with these ports.

Is there any chance to see which specific BAP rule is causing this conflict? Maybe in a log file?

Or can I change the appliance certificate using CLI?

The XG is running SFOS 17.0.3 MR-3



This thread was automatically locked due to age.
  • 0

    Okay, that was a tough one! It was only possible to change the appliance certificate using the API. I've enabled API access for my workstation's IP address and then issued the following request:

    https://XG-IPADDRESS:4444/webconsole/APIController?reqxml=

    <Request><Login><Username>admin</Username><Password>MyPassword</Password></Login>

    <Set><AdminSettings><WebAdminSettings>

    <HTTPSport>4444</HTTPSport>
    <HTTPport>8888</HTTPport>
    <UserPortalHTTPSPort>4445</UserPortalHTTPSPort>
    <Certificate>NEW CERTIFICATE NAME</Certificate>

    </WebAdminSettings></AdminSettings></Set>

    </Request>

    I guess it has something to do with the HTTPport (which isn't visible in the XG gui)...

  • 0

    I found an alternate method of updating the cert for the Admin Console and User Portal. You can also upload a new certificate file, key file and passphrase into the existing cert object in the Admin Console under the certificates tree. That will replace the expiring certificate with the new one, not requiring a change under the Administration tree, Admin Console tab.