Steps to Renew the Logger and connector appliance CA certificates
I Would like to know the best practise for certificate renewal for the logger and connector appliance.
1. We had got CSR and sent for CA sign
2. We have CA signed certificate with "<servername>.cer" file.
What we are concerned is
1) whether we need to change the name as "server.cer" instead of "<servername>.cer"? is it really necessary to change the name ?
2) would like to know the steps for renewal of the logger and then what measure need to be taken before the upgrade of new renewed certificate, apart from server.crt and server.pem backup
3) also once we renew the certificate of logger we also need to update the conapp container with the latest certificate as I know but have not tried the exact steps.
Could some please help me on the certificate renewal process on Logger and Conapp h/w appliances via GUI.
Thanks in Advance!!!
I have tried my level best to answer your queries here.
1. No need to change the name or the certificate > .CER and .PEM both absolutely acceptable.
2. Once you have IMPORT AND INSTALL the certificate on Logger(System Admin> SSL Server Certificate>IMPORT AND INSTALL> Browse> Select certificate) refresh the browser and click on the LOCK icon and see for the renewal information.
3. Find the reporting Devices(Connectors feeding logs) from SUMMARY or DASHBOARD page.
4. Login to Connectors or Smart Connectors respectively. Go to NODE MANAGEMENT> select SYSTEM > click on Connectors > find the list of devices configured > Select the particular connector sending logs to that Logger location > Click and select connector > Click on Destinations > follow the guidelines accordingly.
5. Select Renew certificate> select Logger destination by check mark> next > Import the certificate on this Connector > Yes > Next > Done.
Instead of the Step 4 of the solution suggested above, you can use the Connector Appliance to push the certificates to the respective connectors and Smart Connectors.
In step 4. where do we find the NODE MANAGEMENT ?
I have SmartConnector where I need to update the logger certificate.
The only way I've found is to re-register them to the logger and accept the ne certificate using the runagentsetup script.