Subscribe

How to renew a Perforce server's SSL certificate

Installing Perforce on Ubuntu is easier than ever with the helix-p4d package. Most of the process is now automated, and it even generates an SSL certificate for you. But did you know that certificate expires after 2 years?

I didn't, until my partner tried logging into P4V and got this error:

Certificate date range invalid.

Perforce is not known for its helpful error messages.

My gut told me the SSL certificate was probably expired. My gut was right.

However, what I thought would be a 10-minute fix turned into 2 frustrating hours of troubleshooting and bouncing around the web in search of a solution.

This article is an attempt to save my future self and others from the same painful experience by boiling it down to a short, easy-to-follow guide.

It's worth noting here that the error above may be caused by a date mismatch between the client and the server. See this support article for more information.

In my case I wasn't able to check the expiration date because the Perforce server stopped running, but I knew it wasn't a date mismatch, so I assumed by process of elimination that it was an expired certificate. It's unclear to me if the server stopped because of the certificate issue or for unrelated reasons, but I couldn't start it back up again until the certificate was fixed.

The solution

Login to the host machine for your Perforce server and switch to the perforce user.

su perforce

Locate the ssl directory for your Perforce server and delete the old certificate files. Your path may differ depending on how you configured your server.

cd /opt/perforce/servers/<server-name>/ssl
rm certificate.txt
rm privatekey.txt

Generate a new certificate. (More info here)

p4d -Gc

This command may return an error:

P4SSLDIR not defined or does not reference a valid directory.

If it does, try setting the P4SSLDIR variable. (More info here)

export P4SSLDIR=/path/to/ssl/directory

Try generating a certificate again. If it works correctly, the command should exit without returning any messages.

Finally, if your Perforce server stopped like mine did, start it up again.

p4dctl start <server-name>

Your server now has a valid SSL certificate! Since the certificate changed, you'll get a new "trust this fingerprint?" warning when you login to P4V. Accept and carry on with your work.

If you have any problems or comments about this article, please reach out to me on Twitter.

If you found this article useful, please consider buying me a chai latte.

Newsletter

Subscribe to get our latest updates delivered straight to your inbox. No ads. No nonsense.