- 06 Jan 2025
- 4 Minutes à lire
- SombreLumière
- PDF
Changing the Server Component Location
- Mis à jour le 06 Jan 2025
- 4 Minutes à lire
- SombreLumière
- PDF
Before you begin
- Have your OneSpan product maintenance ID and serial number ready before you start with the procedure to change the server component location. Verify that your product package allows the licensing for a new IP address (contact your supplier to obtain this information).
Prepare administration client components.
If your Administration Web Interface instance is located on the machine on which you want to change the IP address, add a new client component record for the new IP address. This will allow administration to continue after the IP address change.
If the IP address has already changed, and Require administration client component registration setting is enabled, the administration client will be unable to connect to OneSpan Authentication Server! Launch the Maintenance Wizard and select the Rescue Administration Client option.
It may be necessary to wait approximately 15 minutes for cached data to be refreshed (see Data store changes).
Changing the server component IP address
The procedure is the same whether you have already changed the IP address of the machine or are about to do so.
To change the OneSpan Authentication Server IP address
- Log out of all OneSpan Authentication Server components.
- Launch the Maintenance Wizard and select the Change Server Component Location option.
Select the new IP address from the drop-down list and click Next.
You will need to load a license key for OneSpan Authentication Server into the data store for the new IP address. If you do not already have a suitable license key, you will need to request one via the OneSpan licensing page.
You can skip this step and leave the Load License Key from file field empty and click Next. This is applicable if your database already contains the license key or if you are not able to obtain a license key at the moment.
If the selected license key is not valid for this installation, the Maintenance Wizard will display a respective message. This may occur if the license key is for another product, version, component, or IP address or if it has become corrupted. For more information about obtaining a license key, see Obtaining and loading license keys.
Configure the server functionality.
On the Server Functionality page, select the server functionality you require by enabling the respective checkboxes.
Configure the SSL certificate for the SOAP communicator.
To install your own SSL certificate:
Select Install my own SSL certificate from the Certificate Option list.
Specify the required private SSL certificate details in the SSL Server Certificate Selection page.
- Private key file
- Private key password
- Certificate file
- (OPTIONAL) Intermediate certificate bundle
- Certificate authority (CA) file
To generate and install a new test SSL certificate:
Select Generate and Install a self-signed certificate from the Certificate Option list.
Type a password for the private key twice to prevent typing errors.
Select a signature algorithm.
Private key passwords used for SSL certificates must comply with the following requirements:
- At least 16 characters long
- Contains at least 1 lowercase character
- Contains at least 1 uppercase character
- Contains at least 1 numeric character
You can also choose to keep the existing certificate by selecting Use an existing certificate from another component.
To avoid issues with certificates that are bound to IP addresses, the default option for this and the subsequent SSL certificate configuration pages is to generate and install a new certificate.
Repeat the previous step to configure the SSL certificates for:
- SEAL communicator
- RADIUS communicator
- MDC server
- Live Audit connection
- When you configure the SSL certificates for these components, you can also choose to use an existing certificate by selecting Use an existing certificate from another component from the Certificate Option list.
Verify the selected configuration on the Confirmation page and click Next to proceed.
The Maintenance Wizard will now apply the changes to the configuration file and data store. After it finishes, it display a Summarypage.
- Click Finish to complete the configuration process and exit the Maintenance Wizard.
- If you have not already changed the IP address of the machine, do so now before continuing with this procedure. Perform any other administrative actions required such as restarting the machine and reconfiguring other applications.
- Inspect the startup audit messages of OneSpan Authentication Server to verify that no problems occurred during the restart.
If Audit Viewer is installed on the machine, its node for this OneSpan Authentication Server instance may be stored in each user's profile:
- As each affected user, open Audit Viewer and expand the Server node in the tree pane.
- Right-click on the Local Server node and select Properties. Modify the Server Location to the new IP address.
- Click OK to save the change and exit Audit Viewer.
If any other OneSpan Authentication Server instances are set up to replicate data changes to this OneSpan Authentication Server instance, modify the configuration for each instance as follows:
- Open Configuration Utility and switch to the Destination Servers tab in the Replication section.
- Select the row in the Destination Servers list that corresponds to the server that has changed IP address. Click Edit.
- Modify the Server Location to the new IP address and click OK.
- Click OK to save the change and exit. You will be prompted to restart the service.
You need to reconfigure any client components that are not on this machine with the new IP address for this OneSpan Authentication Server instance:
- Administration Web Interface
- Tcl Command-Line Administration tool
- Audit Viewer
- SOAP clients
- RADIUS clients
- Digipass Authentication Module components
- Digipass Authentication for Windows Logon
Restart the OneSpan Authentication Server service to allow the server to detect the new administration client.
If Administration Web Interface is installed on the same system as OneSpan Authentication Server, the configuration must be updated so that the Administration Web Interface points to the new IP address on which OneSpan Authentication Server is running. This can be done via the OneSpan Web Configuration Tool (see OneSpan Web Configuration Tool (admintool)).
- Test that OneSpan Authentication Server works with the new IP address.
- Once everything is working, delete the old OneSpan Authentication Server record via the Administration Web Interface.