How to update your taxware.net SSL certificate (.NET)

This article is for SOAP customers who are still using the taxware.net endpoints.

Before you begin

• Make sure that the current Web Services Client environment exists and that the smoke test is working properly.
• Download the new Sovos Server SSL certificate from the Sovos Portal. You may have to rename the new serverssl.crt you download.

Extract the intermediate certificate

1. Open the certificate that you downloaded from the Sovos Portal. If you use Windows, you can double click on the certificate to open it.
2. Click on the Certification Path tab.
   
   
   
   
3. Click on Go Daddy Secure Certificate Authority - G2, then click View Certificate. This is the intermediate certificate.
   
   
   
   
4. The intermediate certificate will open. Click on the Details tab.
   
   
   
   
5. Click Copy to File... to launch the Certificate Export Wizard.
   
   
   
   
6. In the Certificate Export Wizard, click Next.
   
   
   
   
7. Select Base-64 encoded X.509 (.CER), then click Next.
   
   
   
   
8. Enter SovosIntermediateCert in the File name field, then click Next.
   
   
   
   
9. Make sure that the file will be saved in the Certs folder in the adapter directory. Click Finish to save the file.

Add the new Server SSL certificate

Using the Sovos Certificate Management Utility

The following steps explain how to use the Sovos Certificate Management Utility to add a Server SSL certificate. If you're unable to add the new certificate using Sovos Certificate Management Utility, skip to the next section, Using Microsoft Management Console, to learn how to add the certificate manually.

1. Back up the existing Web Services Client directories, including sub-folders. This will allow you to roll back in case something happens while updating the certificate.
2. Place the new Server SSL certificate into <Web Services Client>\certs.
3. Run PKICertificateMgmt.exe as Administrator from <Web Services Client>\certs. The Certificate Management Utility will start.
4. Select 3. Import a Certificate.
5. Select 3. Import Server SSL Certificate. You'll receive a message confirming that the import was successful.
6. Run the smoke test to make sure you're able to connect to Sovos' servers.

Using the Microsoft Management Console with the Certificates snap-in

The following steps explain how to manually add a Server SSL certificate. You should only follow these steps if you're unable to successfully add the Server SSL certificate using the Sovos Certificate Management Utility. If your Microsoft Management Console does not have the Certificates snap-in under the Console Root, skip to the next section to learn how to add it.

1. Back up the existing Web Services Client directories, including sub-folders. This will allow you to roll back in case something happens while updating the certificate.
2. Place the new Server SSL certificate into <Web Services Client>\certs.
3. Right-click on the new certificate, then click Install Certificate.
4. Select your store location, then click Next.
   If you're not sure which one applies to you, open Windows Explorer and go to \Configuration\SOAPClientCertMgmt.xml; certificateStoreLocation should be set to either CURRENT_USER or LOCAL_MACHINE. You must be a system administrator to store the certificate to the local machine.
   
   
   
5. Select Place all certificates in the following store and enter Personal in the Certificate store field, then click Next.
   
   
   
   
6. Click Finish.
   
   
   
   
7. You'll get a popup saying that the import was successful. Click OK.
8. Run the smoke test to make sure you're able to connect to Sovos' servers.

Using the Microsoft Management Console without the Certificates snap-in

The following steps explain how to manually add a Server SSL certificate. You should only follow these steps if you're unable to successfully add the Server SSL certificate using the Sovos Certificate Management Utility and your Microsoft Management Console does not have the Certificates snap-in.

1. From the Windows Start Menu, open the Run dialog box.
   
   
   
   
2. Enter mmc, then click OK. This will start the Microsoft Management Console.
   
   
   
   
3. Go to File > Add/Remove Snap-in.
   
   
   
   
4. Select Certificates from the list of available snap-ins, then click Add.
   
   
   
   
5. A popup will appear asking which account the snap-in should manage certificates for. This depends on whether the certificateStoreLocation is set to CURRENT_USER or LOCAL_MACHINE, which you can check by opening Windows Explorer and going to \Configuration\SOAPClientCertMgmt.xml.
   
   • If certificateStoreLocation is set to CURRENT_USER, select My user account, then click Finish.
     
     
     
     
   • If certificateStoreLocation is set to LOCAL_MACHINE, select Computer account and click Next. Select Local computer, then click Finish.
     
     
     
     
     
     
6. The Certificates snap-in should now appear in the Selected snap-ins box. Click OK to close the Add or Remove Snap-ins window.
   
   
   
   
7. The Certificates snap-in should now appear under Console Root in the Microsoft Management Console.
   
   
   
   
8. In the side menu of the Microsoft Management Console, select Console Root > Certificates > Personal > Certificates.
   
   
   
   
9. Select Action> All Tasks > Import... to open the Certificate Import Wizard.
   
   
   
   
10. Click Next.
    
    
    
    
11. Click Browse.
    
    
    
    
12. Go to <Web Services Client>\certs and select the new certificate, then click Open.
13. Click Next.
14. If prompted, enter your password, then click Next.
15. Select Place all certificates in the following store and enter Personal in the Certificate store field, then click Next.
    
    
    
    
16. Click Finish.
    
    
    
    
17. You'll get a popup saying that the import was successful. Click OK.
18. Run the smoke test to make sure you're able to connect to Sovos' servers.

Delete the old SSL certificate and rename the new certificate

Using the Sovos Certificate Management Utility

The following steps explain how to use the Sovos Certificate Management Utility to delete the old SSL certificate. If you're unable to delete the old certificate using Sovos Certificate Management Utility, skip to the next section, Using Microsoft Management Console, to learn how to delete the certificate manually.

1. In <Web Services Client>\certs, note the name of the original certificate file (e.g. serverssl.crt).
2. Run PKICertificateMgmt.exe as Administrator from <Web Services Client>\certs. The Certificate Management Utility will start.
3. Select 6. Delete a Certificate.
4. Select 3. Delete Server SSL Certificate.
5. Press Y on your keyboard to confirm that you want to delete the old server SSL certificate.
6. Press Enter and then 0 on your keyboard to return to the main menu.
7. Rename the new certificate file to match the old certificate file name. For example, if the original certificate file was named serverssl.crt, delete serverssl.crt and then rename the new certificate file serverssl.crt. <Web Services Client> should now only contain one certificate.
8. Run the smoke test to make sure you're able to connect to Sovos' servers.

Using the Microsoft Management Console

The following steps explain how to manually delete the old SSL certificate. You should only follow these steps if you're unable to successfully delete the old certificate using the Sovos Certificate Management Utility.

1. In <Web Services Client>\certs, note the name of the original certificate file (e.g. serverssl.crt).
2. From the Windows Start Menu, open the Run dialog box.
   
   
   
   
3. Enter mmc, then click OK. This will start the Microsoft Management Console.
   
   
   
   
4. Right-click the old SSL certificate, then click Delete.
   
   
   
   
5. Click Yes on the popup to delete the certificate from the Microsoft Management Console.
6. Rename the new certificate file to match the old certificate file name. For example, if the original certificate file was named serverssl.crt, delete serverssl.crt and then rename the new certificate file serverssl.crt. <Web Services Client> should now only contain one certificate.
7. Run the smoke test to make sure you're able to connect to Sovos' servers.

Run the smoke test

Run SOAPClientConsole.exe in the Web Services Client directory as a system administrator to check if you're connected to the SOAP server. Check the smoke test log file (SOAPClientTrace.log) to see if there are errors.

The following image is an example of a successful smoke test:

The following image is an example of an unsuccessful smoke test:

Add the intermediate SSL certificate

We only recommend adding the intermediate SSL certificate if you've successfully added the new SSL certificate but are unable to successfully complete a smoke test.

To add the intermediate SSL certificate, follow the steps for adding a new SSL certificate using Microsoft Management Console, placing the intermediate SSL certificate in <Web Services Client>\certs instead of the new SSL certificate.

Restart adapter services

After you've run a successful smoke test, you must restart your adapter services.

Additional steps for multiple adapters

If you have multiple adapters that use the same keystore files (clones), you can follow these steps to speed up the upgrade process and minimize downtime requirements.

1. Back up the existing Web Services Client directories, including sub-folders. This will allow you to roll back in case something happens while updating the certificate.
2. Copy the Certs and Keystores directories from an updated adapter.
3. Paste the Certs and Keystores directories into the non-updated adapter and overwrite the existing files.
4. Run a smoke test.
5. Restart the service. If you have multiple services, to keep your services available during the update process, you can update each adapter service one at a time and restart the service.
6. Repeat steps 1-5 until complete.