Using the SMC Active Update server

Once you have downloaded the databases on the SMC server, you must configure the SNS firewalls so that they use it as their Active Update server. This can be configured manually if you have few SNS firewalls, or automatically using a script.

The following files in the folder /etc/certs/activeupdate are used for TLS negotiations.

  • server.crt: server certificate,

  • server.key: server's private key,

  • activeupdate-ca.crt: certification authority that generates the server's certificate,

  • activeupdate-ca.key: private key of the certification authority.

These are generated the first time SMC is launched. The authority certificate is self-signed.

When SMC is updated, default files are automatically updated as well.

The following table lists the lowest versions of SMC required if you are using the SMC Active Update server with default certificates:

Version SNS

Lowest SMC version 

5.1.x and higher 3.9.2

4.3.x from 4.3.31 upwards

4.8.x from 4.8.7 upwards

5.0.x

3.9.1
All other versions from 4.3.0 upwards 3.1.0

Default certificates can be replaced with your own certification authority and your server certificate. In this case, restart the SMC server with the command nrestart smc after you have replaced them.

When SMC is updated, your custom files will be kept.