Highlighted
Absent Member.
Absent Member.
181 views

Use of test-signing and othe test certifcates...?


Hi Guys,

These certificates are listed in NAM which would be expiring in next 51
days, namely,
test-provider
test-signing
test-encryption

I have a few questions regarding these certificates which were not
answered by documentation:

What is the use of these certificates?
How would it be possible to determine where these certs are being used?
Could these be deleted?
If not deleted, then what would be the process to renew them?
As far I see they are generated using the local CA.

Any pointers and help would be much appreciated.

Thank you,


--
ddgaikwad
------------------------------------------------------------------------
ddgaikwad's Profile: https://forums.netiq.com/member.php?userid=5917
View this thread: https://forums.netiq.com/showthread.php?t=52174

0 Likes
5 Replies
Highlighted
Absent Member.
Absent Member.

Re: Use of test-signing and othe test certifcates...?


ddgaikwad;250904 Wrote:
> Hi Guys,
>
> These certificates are listed in NAM which would be expiring in next 51
> days, namely,
> test-provider
> test-signing
> test-encryption
>
> I have a few questions regarding these certificates which were not
> answered by documentation:
>
> What is the use of these certificates?
> How would it be possible to determine where these certs are being used?
> Could these be deleted?
> If not deleted, then what would be the process to renew them?
> As far I see they are generated using the local CA.
>
> Any pointers and help would be much appreciated.
>
> Thank you,


The test certs are used by all NAM components (unless you've replaced
them with your own certs that you purchased). If you go into the NAM
admin console and select Security -> Certificates, it will show you that
the certs are used by X devices, and in which stores.

I would *not* delete these. Even if you DID purchase/use third party
SSL certs, leave them alone.

The certs should auto-renew, but I don't recall if this was always the
case with NAM. I'm 99.9% sure that in NAM 3.1 on up, the certs
auto-renewed. But I do not remember if it requires a restart of any of
the components for the updated cert to be loaded.


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=52174

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Use of test-signing and othe test certifcates...?


That is good.
I am only worried about a scenario, what if these certificate do not
auto renew?
What would be the steps that I need to follow to renew they manually...
I am just worried that it does not blow up any thing...


--
ddgaikwad
------------------------------------------------------------------------
ddgaikwad's Profile: https://forums.netiq.com/member.php?userid=5917
View this thread: https://forums.netiq.com/showthread.php?t=52174

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Use of test-signing and othe test certifcates...?

ddgaikwad wrote:

>
> That is good.
> I am only worried about a scenario, what if these certificate do not
> auto renew?
> What would be the steps that I need to follow to renew they
> manually... I am just worried that it does not blow up any thing...


The default signing cert etc all auto renew from memory.

--
Cheers,
Edward
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Use of test-signing and othe test certifcates...?


edmaa;251081 Wrote:
> ddgaikwad wrote:
>
> >
> > That is good.
> > I am only worried about a scenario, what if these certificate do not
> > auto renew?
> > What would be the steps that I need to follow to renew they
> > manually... I am just worried that it does not blow up any thing...

>
> The default signing cert etc all auto renew from memory.
>
> --
> Cheers,
> Edward


Although in my test lab for 3.2 IRsomething, it didn't renew from memory
and I had to reboot the MAG/IDP (got a bunch of calls that nothing was
working in test environment).

But hopefully it was a flaky bug.

I never notice anything in my prod environment because I replaced (well
more accurately told all the components to use the same wildcard SSL
cert we bought).


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=52174

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Use of test-signing and othe test certifcates...?


Cool, if they do renew automatically, then I have less to worry about.
I was just paranoid what if they do not, then in that situation I just
need to reboot the servers and it should take care of it.


--
ddgaikwad
------------------------------------------------------------------------
ddgaikwad's Profile: https://forums.netiq.com/member.php?userid=5917
View this thread: https://forums.netiq.com/showthread.php?t=52174

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.