Applies only to SafeConsole OnPrem.


How to prepare and move an existing SafeConsole server to a new server location.


Step 1 – Setup the New Server Machine and Install the New SafeConsole 


  1. Install the SafeConsole server software on the new server machine.
  2. Please use the same version of the installation package on the new SafeConsole server as was used on the old server.
  3. Have the new server prepared and connected to the same domain as the old server. 

Step 2 – Copy Existing Data from the Old SafeConsole Server


  • Stop the old SafeConsole server service
  • Make sure that also the new SafeConsole server service is stopped
  • Copy the two folders “db” and “cert” from the root of your old SafeConsole program folder to the same folder location on the new server.
  • Copy the file “keystore.p12” and “SafeConsole.ini” from the root of your old SafeConsole program folder to the same folder location on the new server.


Step 3 (Preferred) – Set the New Server Name to Same as the Old Server Name 

  1. Change the internal DNS host records IP-address of the existing server to the new servers IP-address.
  2. Once the new server has the old servers host name, demote the old server and take it offline.


Step 4 - Run SafeConsoleConfigurator

  1. Launch the SafeConsoleConfigurator.exe from the install root folder and verify that all settings are present.
  2. After finishing the steps you will be prompted to start SafeConsole.
  3. Answer 'yes' and SafeConsole should start with all your settings intact. 


You have now successfully migrated your SafeConsole. Steps A-D below need only be performed if step 3 cannot be completed.


If there is no way of naming the new server to the old server name follow steps A-D.


You should not create any new SSL Certificate for the new server and propagate this to the devices if:

  • It is possible to have the host name of the new server to have the name of your old server machine
  • You can modify your DNS records so that the old server name points to your new server machine  


Alternate Migration - Only if Step 3 Cannot be Performed


A. Generate a New SSL-certificate


If you cannot follow step 3 you will need a new certificate that matches the new SafeConsole server name, this should be avoided if possible as it will require all devices to call in to server to complete the migration.


There are two ways of getting a new certificate to SafeConsole:

  • Using your own issued SSL-certificate from an internal CA-server with the subject of your new server machine (eg. Newhost.mydomain.local) using MS IIS or another tool
  • Using a self-signed certificate from SafeConsole Use the SafeConsole configurator on the new server to create a certificate. 


B. Import the new certificate to the old SafeConsole

  1. Extract the public certificate from the created .pfx file or p12 file. This step can be performed by installing the certificate on a machine and then exporting the public certificate (without the private key) from Internet Explorer on that machine.
  2. Import the new SSL-certificate (crt-file) to the old SafeConsole server from within the SafeConsole web interface using the ‘Installed certificates’ window. 


C. Change "Server connections" Settings in the Old Server 


In the old server SafeConsole web interface :

  1. Go to the Server Connections (used to be Public Server) tab in ‘Configuration overview’
  2. Set ‘redirect URL field’ to the new server address (eg. Newhost.mydomain.local)
  3. Set the replacement certificate to the new SSL-certificate you imported in Step B. 


D. Wait until all Devices Are Used/Updated to the New Server

  • When all devices are updated to connect to the new server, shut down the old SafeConsole server. 
  • All devices need to be used/unlocked once with a server connection to get the new server information. 


You have completed the migration.