With the wonders of doing your certificates on a much more frequent basis now, this becomes a yearly task. If you are using the WebPlayer feature of Session Recording on-prem (it is really nice), there is a little more tedious process you have to complete.

https://docs.citrix.com/en-us/session-recording/1912-ltsr/view-recordings/session-recording-web-player.html

This link has the overview you need to get you through the process. The only step I did not see in the article was the startwebsocketserver command at the very end. The location of the SsRecWebSocketServer.exe.config file you can find in the C:\Program Files\Citrix\SessionRecording\Server\Bin folder. I recommended making a copy of the file before you start.

But for your steps….

Get the certificate from your certificate provider of choice.

Import the certificate onto the Session Recording server.

Bind the certificate in IIS.

Bind the certificate in the Session Recording Server properties.

Export the cert as PFX to a local folder.

Perform the operations in the link above using OpenSSL to convert the exported PFX into a PEM file and extract the key file.

Modify the SsRecWebSocketServer.exe.config file in the C:\Program Files\Citrix\SessionRecording\Server\Bin.

Enter the location for the cert file and the key file.

Save file.

Open an elevated command prompt.

Navigate to the C:\Program Files\Citrix\SessionRecording\Server\Bin folder.

Enter “TestPolicyAdmin.exe -stopwebsocketserver” and press enter.

Enter “TestPolicyAdmin.exe -startwebsocketserver” and press enter.

The WebPlayer should be working as expected. If you do not update the SsRecWebSocketServer.exe.config file, the WebPlayer will give a WebSocket error.