Path to regenerate expired certificate for PSN

dijix1990 · ‎02-20-2024

One of my PSN node has expired certificate. How can I need to do to change expired certificate? now I can't to generate CSR because of error "You are attempting to generate a CSR whose subject matches the subject of an existing certificate on the same node. This is only permitted when you are replacing a certificate of the same role. Note that the subject is the concatenation of several fields (for example, CN, O, OU, etc.) You can create a unique subject by varying the values in these fields." - BTW I tried to change CN and CSR was generated but I couldn't export it. Maybe it because of "Node not in sync"?

Maybe somebody knows how can I perform it wright?

ahollifield · ‎02-21-2024

Change the CSR fields to something that doesn't conflict with an existing certificate.

dijix1990 · ‎02-21-2024

as I wrote - BTW I tried to change CN and CSR was generated but I couldn't export it.

ahollifield · ‎02-21-2024

What exact error did you receive when you tried to export it? Since this is just a PSN, I would just rebuild it from scratch at this point and rejoin to PAN.

dijix1990 · ‎02-21-2024

I uploaded image

ahollifield · ‎02-21-2024

Yeah I would just rebuild the node from ISO/OVA. It's not worth the time in my experience to continue troubleshooting a PSN.

dijix1990 · ‎02-21-2024

And what about licence? Will it be OK?

ahollifield · ‎02-21-2024

Yes, licenses are managed by the admin nodes, not the PSNs.

dijix1990 · ‎02-21-2024

Thanks for answering! I want to try use self-signed certificate firstly (it's not using now on this node)