Had to update my signed cert before it expired tomorrow. All of our ICG clients are not reconnecting after updating the cert. Should the IGEL automatically attempt to reconnect if they are unable to connect over ICG? If so, what's the time frame?
After updating the certificate, the ICG service should restart automatically to load the new cert from the keystore. Have you checked if the ICG service (Apache Tomcat server) is running? Did you also check in the UMS console if the UMS server reconnected to the ICG server?
ICG did not reconnect to UMS automatically. I had to restart the ICG services on the ICG server. While updating the cert, I did receive an SSH error referencing this file: /var/log/icg_install.log, but I couldn't find it on my ICG server.
Did you reinstall ICG or just use the update certificate option? Also, did the root certificate stay the same, or did you change that as well?
To Chris’ point, changing the root cert will require your devices to rejoin the UMS. Also, I have seen when renewing certs (especially if they’re public), the sub CA can change between the time you minted before, and the renewal you did now. This can cause the ‘chain’ to be broken from the client cert side where the old chain contains an entry not present in the new client cert’s chain.
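The last reply describes a renewal minted by a different sub CA than the original certificate. As an added example that is not part of the thread, the script below checks whether a renewed certificate still verifies through the intermediates that shipped with the old one. The demo PKI, file names and subjects are constructed, and it assumes the `openssl` CLI is installed.

```shell
#!/usr/bin/env bash
# Added example. All names, subjects and files are constructed for the demo.

# chain_status ROOT INTERMEDIATES LEAF
# Prints "ok" if LEAF verifies to ROOT using only INTERMEDIATES, else "broken".
chain_status() {
  if openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1; then
    echo ok
  else
    echo broken
  fi
}

# issuer_of CERT: print the issuer DN, to spot a changed sub CA at a glance.
issuer_of() { openssl x509 -in "$1" -noout -issuer; }

# issue DIR NAME SIGNER [EXTFILE]: make a key and CSR for NAME, then sign with
# SIGNER's key (SIGNER equal to NAME produces a self-signed certificate).
issue() {
  d=$1; name=$2; signer=$3; ext=${4:+-extfile $4}
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
    -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
  if [ "$signer" = "$name" ]; then
    openssl x509 -req -in "$d/$name.csr" -signkey "$d/$name.key" \
      -days 2 $ext -out "$d/$name.pem" 2>/dev/null
  else
    openssl x509 -req -in "$d/$name.csr" -CA "$d/$signer.pem" \
      -CAkey "$d/$signer.key" -CAserial "$d/$signer.srl" -CAcreateserial \
      -days 2 $ext -out "$d/$name.pem" 2>/dev/null
  fi
}

# make_demo_pki DIR: one root, two sub CAs, a leaf from each.
# "old" stands for the certificate before renewal, "new" for the renewal.
make_demo_pki() {
  printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
  issue "$1" root root "$1/ca.ext" && issue "$1" subA root "$1/ca.ext" &&
    issue "$1" subB root "$1/ca.ext" && issue "$1" old subA && issue "$1" new subB
}

demo() {
  t=$(mktemp -d) && make_demo_pki "$t" || return 1
  issuer_of "$t/old.pem"; issuer_of "$t/new.pem"
  echo "old leaf, old intermediate: $(chain_status "$t/root.pem" "$t/subA.pem" "$t/old.pem")"
  echo "new leaf, old intermediate: $(chain_status "$t/root.pem" "$t/subA.pem" "$t/new.pem")"
  echo "new leaf, new intermediate: $(chain_status "$t/root.pem" "$t/subB.pem" "$t/new.pem")"
  rm -rf "$t"
}
demo
```

Against real files, pass the root, the intermediate bundle exported with the previous certificate, and the renewed certificate to `chain_status`; a "broken" result means the renewal needs its new intermediate deployed alongside it.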