I can’t start the BIOVIA Pipeline Pilot services after replacing the SSL certificate and key. How can I resolve this?

When a certificate and private key from a certificate authority are imported via the BIOVIA Pipeline Pilot Administration Portal > Security > SSL Certificate page, and then Saved, the certificate and private key are saved to the following folders:
\web\conf as:
    ses-signed.crt
    ses-signed.key

\apps\scitegic\core\packages_win64\apache\httpd\conf\ssl as:
    ses-server.crt
    ses.server.key

Note: For Linux, replace packages_win64 with packages_linux64

If you imported an invalid SSL certificate or private key, this can prevent the Pipeline Pilot Services from starting. You can try the following steps to recover:

1. Change directory to \web\conf.
2. Delete or rename the following files:
     ses-signed.crt
     ses-signed.key

3. Change directory to \apps\scitegic\core\packages_win64\conf\ssl
Note: If you attempted to import your new SSL certificate and private key on for example 28-June-2021, your files might look like the following, where the ‘ses-server’ files were overwritten. The ‘ses-server’ files will most likely be invalid:

    06\28\2021 10:34 AM 3,232 ses-server.crt
    06\28\2021 10:34 AM 1,730 ses-server.key
    05\03\2021 04:02 PM 5,260 ses-vendor.crt
    05\03\2021 04:02 PM 1,732 ses-vendor.key

4. From this same folder, copy the following two files and paste into the same folder:
    ses-vendor.crt
    ses-vendor.key

5. Delete these two files:
    ses-server.crt
    ses-server.key

6. Rename these two files:
    ses-vendor-Copy.crt     to    ses-server.crt
    ses-vendor-Copy.key    to    ses-server.key

Your files should now look similar to the following:
    05/03/2021  04:02 PM             5,260 ses-server.crt
    05/03/2021  04:02 PM             1,732 ses-server.key
    05/03/2021  04:02 PM             5,260 ses-vendor.crt
    05/03/2021  04:02 PM             1,732 ses-vendor.key

7. Start the Pipeline Pilot Manager Service. It should start the remaining Pipeline Pilot Services. (The exception is the Jupyter Notebook Service in more recent Pipeline Pilot versions, which is separate).

8. Verify the Pipeline Pilot Services remain running, and that you can now log in to the Pipeline Pilot Administration Portal.

Note: clear your cache and cookies to log in to Pipeline Pilot.

9. Examine the original invalid certificate and\or private key files try and determine where the problem lies with your certificate. Generate a new SSL certificate and private key as needed.

10. Before attempting to re-import a new SSL certificate and private key, backup the ssl folder at \apps\scitegic\core\packages_win64\apache\httpd\conf. This will make it easier to recover if there is a problem with a certificate or private key.

BIOVIA Foundation Hub
If you have an invalid certificate keystore for Foundation Hub, you should be able to recover by following steps similar to those in “Updating the Password in the Keystore After a Certificate Change” in the BIOVIA Foundation Hub Installation and Configuration Guide.

For more information on certificates for BIOVIA Pipeline Pilot and Foundation Hub, see the following Guides:
BIOVIA Pipeline Pilot Admin Portal Guide 
BIOVIA Pipeline Pilot Server Installation Guide
BIOVIA Foundation Hub Installation and Configuration Guide