In addition to the regular rotation of certificates every 90 days, the CA certificate will also expire after 10 years and must then be replaced. The user will be informed of this 120 days in advance (by e-mail and notification upon login). Client certificates created with this CA must then be replaced so that the device can continue to connect to the icom Connectivity Suite.
The VPN Settings field on the Device information page displays the serial numbers of the certificates issued for this device. If the serial number is bold and black, the certificate is up to date. A yellow number means that the certificate was issued by the old CA and will only work for another 30-120 days (as long as the old CA certificate is valid). The serial number is displayed in red below 30 days validity. If more than one serial number is displayed, these are certificates that have been issued but not yet applied, or certificates that have expired but not yet been deleted. Normally, expired certificates will be deleted after 15-30 minutes. If multiple serial numbers are displayed, it is recommended to replace the certificate and update the configuration for the icom Connectivity Suite on the router.
Depending on the device and its state, the following actions are required to replace the certificate and update the configuration:
INSYS router that is still accessible in the icom Connectivity Suite
Ensure that the update server of the icom Connectivity Suite is activated in the router. This takes place in the Administration → Automatic update menu of the router. If this is activated, the certificate will be updated automatically during operation.
INSYS router that cannot be accessed in the icom Connectivity Suite any more
In this case, the certificate must be replaced via local access to the router. Refer to the Manual configuration section in Configuring an INSYS Router With icom OS for a Connection to the icom Connectivity Suite – VPN (for an icom OS router) or Configuring an INSYS Router With INSYS OS for a Connection to the icom Connectivity Suite – VPN (for an INSYS OS router).
Third-party device (PC, control, tablet, etc.)
In case of a third-party device, the OpenVPN configuration must be replaced manually on the third-party device. Refer to Configuring a Windows PC for a Connection to the icom Connectivity Suite – VPN (for a Windows PC, other third-party devices are similar).