cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
293
Views
0
Helpful
3
Replies

Latest version of CSAMC5.2 - if domain suffix changed, need new cert?

wdr02
Level 1
Level 1

I know if MC name is changed, then the certificate has to be recreated along with other steps. How about if only the domain suffix is changed but the name stays the same? Will the agents still be okay?

3 Replies 3

pmccubbin
Level 5
Level 5

Hi William,

This is a good question and the first time I have heard it.

My answer is no because a fully qualified domain name (FQDN) includes the domain suffix which you want to change.

The FQDN, as you well know, is necessary when the Agent Kit is created on the CSA MC. This kit includes both the FQDN and the Certificate necessary for Agents to communicate with CSAMC.

As a bit of a review I googled FQDN and here is a definition:

"A fully qualified domain name consists of a host and domain name, including top-level domain. For example, http://www.webopedia.com is a fully qualified domain name. www is the host, webopedia is the second-level domain, and.com is the top level domain.

A FQDN always starts with a host name and continues all the way up to the top-level domain name, so http://www.parc.xerox.com is also a FQDN."

Hope this helps.

Please rate all useful responses.

Best,

Paul

Thats what I thought; the domain suffix change will be same as a hostname change. I will need to follow the steps for a hostname change (recreating certs, refreshing agent kits, reinstall agents, etc).

Interesting note; when you install CSACC 5.2 in a standalone workgroup, if the domain suffix is not manually defined , the CSAMC setup does not pick it up from the ethernet properties. The "Primary DNS suffix of this computer" has to be manually defined for the installer to have the proper fully qualified domain name, which is what the agent kits will make use of.

Hi William,

I agree with Paul that you do not need to recreate the cert and redeploy the agent kits, even with an MC hostname change.

I don't think you need to do anything other than update your DNS records.

I did some testing by changing the MC hostname and domain suffix and the only hiccup I found was that accessing the MC through the browser will always prompt because the certificate will never match.

The host still found the MC as long it could resolve the FQDN through DNS.

If I missed something, let me know.

Tom

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: