02-20-2024 08:50 PM - edited 02-20-2024 08:55 PM
One of my PSN node has expired certificate. How can I need to do to change expired certificate? now I can't to generate CSR because of error "You are attempting to generate a CSR whose subject matches the subject of an existing certificate on the same node. This is only permitted when you are replacing a certificate of the same role. Note that the subject is the concatenation of several fields (for example, CN, O, OU, etc.) You can create a unique subject by varying the values in these fields." - BTW I tried to change CN and CSR was generated but I couldn't export it. Maybe it because of "Node not in sync"?
Maybe somebody knows how can I perform it wright?
02-21-2024 06:49 AM
Change the CSR fields to something that doesn't conflict with an existing certificate.
02-21-2024 06:54 AM
as I wrote - BTW I tried to change CN and CSR was generated but I couldn't export it.
02-21-2024 07:02 AM
What exact error did you receive when you tried to export it? Since this is just a PSN, I would just rebuild it from scratch at this point and rejoin to PAN.
02-21-2024 07:04 AM
I uploaded image
02-21-2024 07:14 AM
Yeah I would just rebuild the node from ISO/OVA. It's not worth the time in my experience to continue troubleshooting a PSN.
02-21-2024 07:17 AM
And what about licence? Will it be OK?
02-21-2024 07:22 AM
Yes, licenses are managed by the admin nodes, not the PSNs.
02-21-2024 07:24 AM
Thanks for answering! I want to try use self-signed certificate firstly (it's not using now on this node)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide