04-10-2017 08:05 AM
When renewing CA certs in a distributed deployment, are there any gotchas to be aware of? We would like to renew certs on individual nodes during different change windows. I don’t think this should be a problem as long as the certs are trusted, but I'm asking to be certain.
Thanks!
04-11-2017 04:23 PM
In ACS you have a primary and multiple secondaries, so when renewing CA certs, make sure you have the CA certificate installed on all the secondaries and the primary first.
Renew the server certificate on the secondary first and then the primary at the end. Use a CA-signed certificate as a best practice.
If using self-signed, the same logic applies.
-Krishnan