The certificate used for VPN access has expired and requires an update to maintain the highest level of security. VPN Connectivity for both user PCs and UCX systems requires updated certificates in order to reconnect. Refer to the following sections:
You must update the PC used to connect to the VPN AND update each UCX system in your network before you can use the VPN to perform remote configuration.
Step 1: Updating VPN certificate on user’s PC
This is only required to be done once for each PC that you use to connect to the VPN. Use the following process to update the authentication certificate on any PC (Win/Mac) used to connect the the E-MetroTel support VPN.- Connect your PC’s browser to remote.emetrotel.org and log in with your E-MetroTel UCX Remote Access account credentials.
- If you have forgot your password, you may request a password reset using the link provided. Follow the instructions in the email.
- All certificates issued by the VPN server are listed on the Certificates page. If you know the Name, Description, or User assigned when the certificate was originally created you may search for it using the browsers Search mechanism (usually Control-F or Command-F). The certificate would have been issued with a Type of PC or MAC.
- Once you find the certificate, proceed to Step 10.
- Alternatively, to find the existing PC device certificate, navigate to the Users page. Depending on the type of Remote VPN account credentials you have, this page may not be visible.
- Use your browser’s Search mechanism (usually Control-F or Command-F) and search for your email address.
- Click on the name (first column) associated with the email account.
- You will be presented a list of all the UCX and PC devices that have been issued a certificate for this user account.
- Scroll until you find the Name associated with your PC device.
- Click on the Name
- Click on Revoke Certificate and then confirm your decision
- Now click on Certificates and then click the New Certificate button
- Enter a Name, the Certificate Type (to match your device), and a Description, then click Create Certificate.
- Now click Download Certificate and choose the location where you will store the file.
- Follow the steps 1 through 8 of Install PC Certificate section of the PC OpenVPN Installation or refer to the Mac instructions on that same page. (Note that you must enter the “Y” or “y” key on step 6 instead of “any key“.)
- You may now connect to the E-MetroTel VPN using the standard connection procedure.
- Before removing the old folder from the configuration folder (Original_Config in this example):
- After removing the old configuration folder (Original_Config in this example):
Step 2: Updating the VPN certificate on each UCX System
E-MetroTel has now released a new software update for both UCX Release 6 and Release 7 systems that will replace the VPN certificate on the UCX without requiring the device to be unregistered and subsequently re-registered. If the VPN was previously registered and started (i.e. connected) it will re-connect automatically after the update. If it was registered by not started, it will be able to be started directly through the Web-based Configuration Utility or using the configured Remote Support Toggle/Remote Support Password feature codes (if enabled – refer to UCX Remote Access).
If your UCX system is set for Automatic Updates, the new certificate will be installed and the VPN returned to its previous connection state at the time of the next scheduled update. If you do not have Automatic Updates configured then you will need local or alternative remote access to the system to initiate the update, during which the new certificate will be installed and the VPN returned to its previous connection state.
Note that this software update only applies to Release 6 and Release 7 UCX systems. The following process can be used for systems that are at UCX Release 5 or earlier, or for systems that cannot be updated for some other reason.
Manually updating the VPN Certificate on a UCX system
You will need to have local access to the UCX or an alternative mechanism for connecting temporarily to the UCX through the customer's firewall to complete this procedure.This can be accomplished through remote desktop control applications such as Chrome Remote Desktop or Windows Remote Desktop Connection or other similar applications. Note that if the you may also try retrieving the UCX systems's public IP address through the Serial Number Records tool on the E-MetroTel partner portal. You may be able to access the UCX Web-based Configuration Tool through the system's public IP address if it is a cloud system or if the customer firewall has TCP port 443 forwarded to the system's internal address.
- Login to UCX Administration with your standard log-in credentials.
- Navigate to the Support / Remote Access page.
- The page will report Remote access stopped.
- Click on Unregister.
- Enter the password associated with the Email address (shown) that was originally used to register the UCX software.
- If you do not know the password, you may be able to unregister it using your own account email/password combination or that of someone else in your organization. If required, you may open a ticket with E-MetroTel support to unregister your system using the same remote desktop access method described above.
- Click on Unregister.
- Once the Un-Registration Complete message has been displayed, enter your Email, and Password for the account that you just updated the certificate for in the previous section, along with a Description for this UCX system and click Register.
- Then click Start to re-establish the VPN connection.
- The UCX software has now connected to the E-MetroTel VPN.