Renew a Self-Signed Certificate (includes OsceEdgeRoot CA, webhost, and OsceOPA)


You should only use the renewcert command if you are using certificates created by the Edge Relay Setup program. If you run the renewcert on an Edge Relay Server that uses customer-specific certificates, the command deletes and replaces the customer-specific certificates with self-signed versions.


--cmd renewcert


--opacertpwd <VALUE>

OsceOPA certificate password


Keep root CA after certificate renewal (optional)


ofcedgecfg.exe --cmd renewcert --opacertpwd <OsceOPA certificate password> [--keeprootca]

Post-requisite command

After renewing your certificates, you must re-register the Edge Relay Server to the Apex One server.

For more information, see Register to an Apex One Server.


After re-registering to the Apex One server, you must ensure that all off-premises Security Agents reconnect to the Apex One server to obtain the updated certificates. Any off-premises Security Agent that does not receive the latest certificates is unable to connect to the Edge Relay Server.