adrockk Contributor.
Contributor.
796 views

Certificate remint update bundle not applied to all devices

Hello,
I'm trying to remint the certs for my servers, and want to make sure this is behaving correctly. Here's the process I've followed so far -
We're using a 3rd party CA, and a wildcard cert for the servers. Our existing wildcard expired, and I'm reminting the server certs with the new wildcard.

I've started the remint for the servers in zcc, and placed the cert and the key in the remin-repo folder on each server.
It "consumed" them, and generated the cert update package.
This bundle, however, is only associated with the servers, and in the "pending certificate activation" status. It's not associated with any other devices.
Is this right? Do all of my endpoints need to know about the certs, or just the servers?
Running ZCM 17.1.

TIA,
Adam

Labels (1)
0 Likes
4 Replies
Highlighted
asudheer Absent Member.
Absent Member.

Re: Certificate remint update bundle not applied to all devi

Hi Adam,

I would first check the new certs as key.der (private key), server.crt (cert with server + intermediates only) and ca.der certificate with the CA certificate copied to the remint-repo folder.
0 Likes
adrockk Contributor.
Contributor.

Re: Certificate remint update bundle not applied to all devi

Hi Sudheer,

As I said:
I've started the remint for the servers in zcc, and placed the cert and the key in the remin-repo folder on each server. It "consumed" them, and generated the cert update package.

So, the certs and key are there.
There is a server.cer, key.der, and ca.cert.

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Certificate remint update bundle not applied to all devi

This is correct...……
The managed devices need to take no action...

If you were changing the CA, then Yes, the managed devices would need an action to ensure they trusted the new CA.
However, if only the SERVER CERT and not the CA CERT is changed, then only the servers need to be notified of the change.
0 Likes
adrockk Contributor.
Contributor.

Re: Certificate remint update bundle not applied to all devi

Great, that's what I wanted to hear. Thanks Craig!

-Adam

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.