We want to change the certificate that is currently on our ICG for our remote access devices from the UMS created certificate to a DigiCert certificate due to an audit finding. We have roughly 75 devices deployed remotely. We are on UMS version 6.02.110 and ICG version 2.01.100. Is there a way to change the certificate (same FQDN name) without having to bring in all remote devices and not disconnecting them from the system? What is the process that needs to be followed? I have found plenty of information on renewing the certificate that is currently there but not for changing the certificate used. Thanks.
So, we are speaking about a Root Certificate change, right? That‘s a bit tough but not impossible.
Beside the fact that I highly encourage you to update UMS and ICG to latest builds (which is mandatory in my view at least on UMS), I would consider to go the script way:
Thank you @member. I plan on updating the UMS and ICG but need to resolve the certificate issue first. The script looks like it will take care of the end devices then, can I actually have both certificates on the ICG while testing or will I need to fully replace and hope for the best. Sorry, I’m not ac familiar with the ICG component of iGel. Thanks.
No issue at all! I would rather setup a second ICG Server, since you cannot use two keystores on one ICG Server. It would replace the old one, which isn‘t helpful since you might loose contact to your devices.
The script would help you by assigning it before migration to move the device from old to new ICG after reboot.
One more question then, can I have two ICG servers in one UMS console?
Yes, that works and I would recommend it for your transition phase! The Root Certificate replacement might get easier in a near future!
This is supported today actually
I am looking for the KB article on how to use the new functionality to update the root certificate on an ICG
on UMS 6.02.100?
Ah, not on 6.02.100, but recomended to upgrade to get the latest functionality
Thank you very much. I am going to rethink the order I will take to get this accomplished successfully. It looks like doing the updates may be a better choice before changing the certificate.
Continue reading and comment on the thread ‘Is there a way to change the certificate (same FQDN name) without having to bring in all remote devices and not disconnecting them from the UMS?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.
Submit a question, or Join Today!
Popular Message Threads
- Receiving error: “Citrix Receiver cannot create a secure connection in this browser” when launching a secure connection from Firefox on IGEL OS
- How to Install IGEL OS via a Bootable USB Drive
- How to change the default IGEL UMS admin password?
- Where to delete the certificates that cause ‘invalid certificate’ when trying to import an IGEL into UMS?
- Citrix connection via Netscaler Error: “AM_ERROR_AUTH_NETWORK_ERROR” on IGEL OS
- IGEL UMS Universal Update Error: “could not resolve host name”
- Error connecting to Citrix StoreFront “Error adding store: Http error”