SSL Certificate application and replacement

Last updated
Save as PDF

Install, apply, and replace an SSL certificate for Netsmart Homecare.

Important: The Netsmart Homecare application is only accessible if the FQDN name matches the certificate.

Apply the SSL certificate to Netsmart Homecare web services

Open Internet Information Services Manager (IIS) by selecting Start > Programs > Administrative Tools > Internet Information Services Manager.
Expand the Sites (Local Computer) directory.
Right-click Default Web Site and choose Edit Bindings.
Select Add.
For Type, select https.
From SSL certificate, select your certificate.
Select OK.

Replace an SSL certificate

Request a new certificate.
Open the Internet Information Services Manager (Start > Programs > Administrative > Tools > Internet Information Services Manager).
Expand the Sites (Local Computer) directory and choose Bindings on the Actions pane.
In Site Bindings, select Add/Edit.
Select your certificate from the SSL certificate dropdown list.
Select Close.
Restart IIS.

Check if a certificate is expired

You can check the expiration date of a certificate in two ways:

Select Details for the Security Token Service on the Diagnostics page. In the Certificates section of the Diagnostics page, view the Valid from and Valid to dates.
Note: The Server and Common certificates are part of one security certificate file. The server certificate is a private key used to decrypt information.
OR
Open the certificate file (.pfx) using MMC to view its properties.

What to do if the certificate is expired

If your certificate has expired, it becomes invalid and no longer secures communication between the Netsmart Homecare applications. If your certificate is about to expire, depending on your CA’s policy, the CA might contact you and remind you to renew it. You need to obtain a new certificate with a valid expiration date. The CA usually provides information on how to renew the certificate. If you need further assistance, contact Netsmart Homecare Support.

There are two parts to renewing a certificate:

Obtain a new certificate with a valid expiration date.
Apply the new certificate to Netsmart Homecare.

Install a new certificate

You might need to install a new certificate if the existing certificate expires, certificate properties change, or security is breached.

If you manually changed the default certificate installation path in Configuration Service after its installation, go to the Configuration Service Settings page (as a support representative only) and view the places where the new certificate will be installed (in the STS_SERVER group).
On the Netsmart Homecare application server, import the certificate with the private key (the .pfx file) provided by CA in Certificates (local computer) > Personal.
On all machines with Netsmart Homecare applications (server-side and add-ons), import the certification with the public key (the .cer file) in Certificates> Current User> Trusted People.
If you are a support representative, complete the following steps:
1. On the Configuration Service Settings page, select Edit for each of the following values to specify the certificate thumbprint (without spaces):
  - STS_SERVER> STS_CERT_LOOKUP_VALUE
  - STS_COMMON> STS_CERT_LOOKUP_VALUE
  - STS_COMMON> STS_CERT_LOOKUP_VALUE
Restart Internet Information Services (IIS) on computers with the Netsmart Homecare web applications.
Restart all Netsmart Homecare Windows Services, starting with the Netsmart Homecare STS service.

Install a new certificate using the Swap Certificate Thumbprint page

The Swap Certificate Thumbprint page in the Configuration Service can be accessed only with the Configuration Service Certificate Management privilege for non-support users. Support representatives do not need this privilege. To check your operator's privilege in the Netsmart Homecare desktop application, go to Administration > Configuration> Operators> Privileges> Configuration Service. If the operator cannot access, select Allow to grant full access to the Configuration Service Certificate Management privilege.

As the operator with the Configuration Service Certificate Management privilege, log in to the Configuration Service.
Click the Swap Certificate Thumbprint link at the top right corner of the window to view the current certificate thumbprints.
Complete one of the following steps:
- If you have not already installed a valid certificate, select the Certificate Replacement Instructions tab and follow the instructions to install a valid certificate.
  OR
- Select the New Certificate tab to select a certificate from a list of valid certificates; select Submit to confirm your choice.
Restart Internet Information Services (IIS) on computers with the Netsmart Homecare web applications.
Restart all Windows Services, starting with the Netsmart Homecare STS service.

Self-signed certificate and certificate not listed among trusted root CAs

If an agency uses a self-signed certificate, it must be installed as a trusted root CA on all machines (server side, client side, and add-ons) in Certificates (Local Computer) > Trusted Root Certification Authorities> Certificates. If an agency uses a certificate that is not listed among the trusted root CAs, its root certificate must be installed as a trusted root CA on all machines (server side, client side, and add-ons) in Certificates (Local Computer)> Trusted Root Certification Authorities > Certificates.

Replace an SSL certificate

Request a new certificate.
Open the Internet Information Services Manager (Start> Programs> Administrative> Tools> Internet Information Services Manager).
Expand the Sites (Local Computer) directory and select Bindings on the Actions pane.
In Site Bindings, select Add/Edit.
Choose your certificate from the SSL certificate dropdown list.
Select Close.
Restart IIS.