Question on updating Bigfix remote control server's ssl certificate

I’m looking for some help on updating the “soon to be expiring” Bigfix remote control server’s ssl certificate.
Bigfix remote control Version is 9.1.4.0612. It has a current CA signed (internal) ssl cert which is expiring soon.

For the current certificate, last year I created a certificate request file (*.arm) using IBM key manager and followed the PDF document “Remote_Control_Admin_Guide” (pages 11 & 12) to receive the .cer file into the key manager (into the default keystore).

This past week, to renew the cert, I used IBM key manager again and created a new certificate request file for the internal CA server and received another *.cer file.

How do I proceed? Do I need to delete the current expiring ssl certificate in the keystore and then perform the same receive steps using ikeyman.exe, or can I just perform the receive steps and it will overwrite the old ssl certificate? Or are there any more steps which are needed for this renewal process?
Appreciate any insight and help.

Hi RupG,

You need to open the jks file with ikeyman and delete the old certificates and certificate requests.
You should find them in Personal Certificates:

and in Personal Certificate Requests:

Make sure that the correct CA Root certificates are loaded in Signer Certificates:

Once you have performed these checks you can proceed with the new certificate request and receive.

f.pezzotti, thanks for your reply. A couple more questions, if you are able to help.

I had already created a new certificate request.

  1. Do I have to remove the existing expiring certificate and the “old and new certificate requests” first before I receive the new certificate?
    or
  2. Can I receive the new certificate into keystore and then delete the expiring certificate and old certificate request leaving the new certificate request as it is?

You need to keep only the new certificate request before receiving the new certificate.
You can delete the old certificate and related request before or after importing the new certificate. It doesn’t matter. I suggest you delete the old stuff before the receive procedure and keep only the new certificate request so that you don’t get confused by many entries in the keystore.

Don’t forget to check the Signer Certificates too. If they are changed, you need to delete them and import the new ones. This can also be done after you have received the new certificate into the keystore.
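
The two checks discussed in this thread (the new certificate belongs to the new request, and the signer certificates validate it) can be run with openssl before opening ikeyman. This is an added example, not part of the original posts or the product documentation; it assumes openssl is installed, the .arm request is a PEM PKCS#10 file, the signer certificates have been exported to one PEM file, and all file names are placeholders.

```shell
#!/bin/sh
# Added example: checks to run on the CA's reply before receiving it in ikeyman.
# Assumptions: request is a PEM PKCS#10 file, signer chain is one PEM file.

# Emit the certificate as PEM whether the CA sent PEM or DER.
cert_pem() {
    openssl x509 -in "$1" 2>/dev/null ||
        openssl x509 -in "$1" -inform DER 2>/dev/null
}

# check_renewal REQUEST CERT SIGNERS
# returns 0 = safe to receive, 1 = cert is for a different request,
#         2 = unreadable input,  3 = cert does not chain to SIGNERS
check_renewal() {
    req_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate request: $1" >&2; return 2; }
    pem=$(cert_pem "$2") || {
        echo "cannot read certificate: $2" >&2; return 2; }
    cert_key=$(printf '%s\n' "$pem" | openssl x509 -noout -pubkey)

    # The receive step pairs the certificate with the private key behind the
    # pending request, so the two public keys must be identical.
    if [ "$req_key" != "$cert_key" ]; then
        echo "certificate was not issued for request $1" >&2; return 1
    fi

    # The signer certificates must validate the new certificate; this also
    # fails if the certificate is expired or not yet valid.
    if ! printf '%s\n' "$pem" | openssl verify -CAfile "$3" >/dev/null 2>&1; then
        echo "certificate does not chain to the signers in $3" >&2; return 3
    fi

    printf '%s\n' "$pem" | openssl x509 -noout -subject -enddate
    return 0
}

# Usage: sh check_renewal.sh new_request.arm new_cert.cer signers.pem
if [ "$#" -eq 3 ]; then
    check_renewal "$@"
fi
```

A return code of 1 when run against the new request usually means the CA's reply was issued for the old request; a return code of 3 means the Signer Certificates in the keystore need updating as well.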