Certificate Renewal for TLS
The following article shows how to manually and automatically renew a X.509 certificate used for TLS in yunIO.
Warning
Expired Certificate.
The Cryptographic key pair associated with the certificate is no longer valid and this may cause security risks. Always use a valid certificate. To access the Designer after a certificate has expired, delete the tls.json file in the yunIO installation directory (C:\Program Files\Theobald Software\yunIO\config\servers\) and restart the yunIO service. This resets all TLS settings in yunIO, including the certificate selection.
Renewal with New Key
To renew a certificate with new key:
- Before the old certificate expires, install a new certificate on the server machine.
- Open the yunIO Designer and reference the new certificate, see Server Settings - Transport Layer Security.
- Delete the old certificate from the Microsoft Certificate Store.
Renewal with the Same Key
To renew a certificate with the same key as before:
- Block external access to yunIO using the firewall.
- Open the yunIO Designer and enable anonymous access, see Access Restrictions - Anonymous Access.
- Disable TLS in the Designer, see Server Settings - Transport Layer Security.
- Renew the certificate with the same key using Windows AD Certificate Services.
- Enable TLS in the Designer with the new certificate.
- Disable anonymous access in the Designer.
- Allow external access to yunIO using the firewall.
Related Topics
- Install an X.509 Certificate
- Enable Secure Network Communication (SNC) via X.509 certificate
- yunIO Documentation: Server Settings
Last update: June 28, 2025
Written by: Valerie Schipka
Written by: Valerie Schipka