![]() ![]() In case AGENT has already applied new certificate (and reported it to ERA), AGENT will have also access to new CA certificate. Once this will work, distribute new AGENT certificate to all clients. ![]() ![]() That is why I would recommend to start with changing AGENT certificate first, and on limited number of clients, ideally acessible for case manual repair of AGENT installation will be required. Problem is with AGENT that has not connected since you created or imported CA certificate.īefore you change SERVER certificate, you have to be sure that all AGENTs has access to new CA certificate mentioned in. In case this CA certificate is present in ERA, connecting AGENT will automatically receive it. For this, AGENT has access to new CA certificate used to sign new SERVER certificate. I guess you have currently both old and new CA certificates in ERA, and that is why SERVER can verify (trusts) both old and new AGENT certificates.ĪGENT must be able to verify new SERVER certificate. In case certificates were generated during installation of ERA, CA certificate should be automatically available, and thus nothing has to be done for this part. This requires SERVER to have access to CA certificate that was used to sign new AGENT certificates. SERVER must be able to verify new AGENT certificates. In this case of migration, you have to ensure two things: ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |