Rotate the certificate authority (CA) used by an agent while minimizing the impact to
agent communications.

- On the agent web server, update the agent.properties file to add the new CA certificate.
  - Concatenate the old and new CA certificates in PEM encoding format into a new file.
  - Encode the contents of the file to Base64.
  - Open the agent.properties file and set the value of the agent.engine.configuration.bootstrap.truststore line to the encoded content.

      agent.engine.configuration.bootstrap.truststore=<Encoded_content>=

  - Restart the agent web server.
- Update the PingAccess configuration to use a new server certificate signed by the new CA for the agent HTTPS listener.
  - Identify a key pair to use. If necessary, create a new key pair.
  - Generate a CSR for that key pair.
  - Submit that CSR to the new CA to get a new signed certificate.
  - Import the CSR response (the new certificate) into PingAccess.
  - Assign the key pair to the agent HTTPS listener.
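
The file preparation in the first step, written as shell functions (an added example, not PingAccess tooling). The file names, the demo PEM bodies and the example.other.setting line are constructed placeholders, and the script assumes the encoded value must occupy a single line of agent.properties.

```shell
#!/bin/sh
# Added example, not vendor code. File names and PEM bodies are constructed.
PROP_KEY="agent.engine.configuration.bootstrap.truststore"
PEM_BEGIN='-----BEGIN CERTIFICATE-----'

# Print single-line Base64 of OLD_CA followed by NEW_CA (both PEM files).
build_truststore_value() {
    for f in "$1" "$2"; do
        n=$(grep -c -- "$PEM_BEGIN" "$f" 2>/dev/null || true)
        [ "${n:-0}" -ge 1 ] || { echo "no PEM certificate in $f" >&2; return 1; }
    done
    # awk 1 terminates each file with a newline, so the old CA's END line
    # cannot run into the new CA's BEGIN line.
    awk 1 "$1" "$2" | base64 | tr -d '\n'
}

# Print how many certificates an encoded value holds (check before restart).
certs_in_value() {
    printf '%s' "$1" | base64 -d 2>/dev/null | grep -c -- "$PEM_BEGIN" || true
}

# Back up PROPS to PROPS.bak, then replace (or append) the truststore line.
set_truststore() {
    cp -p "$1" "$1.bak" || return 1
    grep -v "^$PROP_KEY=" "$1.bak" > "$1" || true
    printf '%s=%s\n' "$PROP_KEY" "$2" >> "$1"
}

# Run the whole step on constructed files; prints the resulting cert count.
demo() {
    d=$(mktemp -d) || return 1
    # The old CA file deliberately lacks a trailing newline.
    printf '%s\nT0xEIENBIChjb25zdHJ1Y3RlZCk=\n-----END CERTIFICATE-----' "$PEM_BEGIN" > "$d/old-ca.pem"
    printf '%s\nTkVXIENBIChjb25zdHJ1Y3RlZCk=\n-----END CERTIFICATE-----\n' "$PEM_BEGIN" > "$d/new-ca.pem"
    printf 'example.other.setting=1\n%s=b2xk\n' "$PROP_KEY" > "$d/agent.properties"
    value=$(build_truststore_value "$d/old-ca.pem" "$d/new-ca.pem") || return 1
    set_truststore "$d/agent.properties" "$value"
    certs_in_value "$(grep "^$PROP_KEY=" "$d/agent.properties" | cut -d= -f2-)"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```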