Hi Guys,
I need a little help with installing new certificates on an AES R7.0.
The default certs have expired some time ago (the customer isn't using the AES at the moment but will be shortly) and need to be renewed.
The plan is to use the SMGR as the CA and this is the part I'm confused on.
From what I've read the process should be:
1- Download the SMGR CA PEM file and install on the AES.
2- Generate the CSR on the AES and copy the entire contents of the certificate.
3- Add the AES Entity on SMGR and paste in the CSR generated by the AES.
4- The SMGR generates the Server Certificate based on the CSR for the AES.
5- Import the Server Certificate onto the AES.
However the section "System Manager Trust Management" within PSN004561 doesn't mention anything about generating the CSR and using this to create the AES Certificate. The PSN steps are:
1- Create AES Entity with SMGR.
2- Create the AES Server Certificate.
3- Download the SMGR CA.
4- Import the SMGR CA onto the AES.
5- Import the AES Server Certificate onto the AES.
I think both ways will work but I'm not sure whats the best/correct way or if it makes any difference?
I suppose if your not using the SMGR as the CA then you'd need to create the CSR on the AES and then pass this over to your CA to generate the Server Certificate?
Also if I update the certificate will I need to do anything on the CM? Is the AES Server Certificate used by the client when it connects to the AES, therefore the link between the CM and AES isn't affected by the cert expiring and then being renewed.
Thanks
Glimma
I need a little help with installing new certificates on an AES R7.0.
The default certs have expired some time ago (the customer isn't using the AES at the moment but will be shortly) and need to be renewed.
The plan is to use the SMGR as the CA and this is the part I'm confused on.
From what I've read the process should be:
1- Download the SMGR CA PEM file and install on the AES.
2- Generate the CSR on the AES and copy the entire contents of the certificate.
3- Add the AES Entity on SMGR and paste in the CSR generated by the AES.
4- The SMGR generates the Server Certificate based on the CSR for the AES.
5- Import the Server Certificate onto the AES.
However the section "System Manager Trust Management" within PSN004561 doesn't mention anything about generating the CSR and using this to create the AES Certificate. The PSN steps are:
1- Create AES Entity with SMGR.
2- Create the AES Server Certificate.
3- Download the SMGR CA.
4- Import the SMGR CA onto the AES.
5- Import the AES Server Certificate onto the AES.
I think both ways will work but I'm not sure whats the best/correct way or if it makes any difference?
I suppose if your not using the SMGR as the CA then you'd need to create the CSR on the AES and then pass this over to your CA to generate the Server Certificate?
Also if I update the certificate will I need to do anything on the CM? Is the AES Server Certificate used by the client when it connects to the AES, therefore the link between the CM and AES isn't affected by the cert expiring and then being renewed.
Thanks
Glimma