We want to change the certificate that is currently on our ICG for our remote access devices from the UMS created certificate to a DigiCert certificate due to an audit finding. We have roughly 75 devices deployed remotely. We are on UMS version 6.02.110 and ICG version 2.01.100. Is there a way to change the certificate (same FQDN name) without having to bring in all remote devices and not disconnecting them from the system? What is the process that needs to be followed? I have found plenty of information on renewing the certificate that is currently there but not for changing the certificate used. Thanks.
So, we are speaking about a Root Certificate change, right? That‘s a bit tough but not impossible.
Beside the fact that I highly encourage you to update UMS and ICG to latest builds (which is mandatory in my view at least on UMS), I would consider to go the script way:
Thank you @member. I plan on updating the UMS and ICG but need to resolve the certificate issue first. The script looks like it will take care of the end devices then, can I actually have both certificates on the ICG while testing or will I need to fully replace and hope for the best. Sorry, I’m not ac familiar with the ICG component of iGel. Thanks.
No issue at all! I would rather setup a second ICG Server, since you cannot use two keystores on one ICG Server. It would replace the old one, which isn‘t helpful since you might loose contact to your devices.
The script would help you by assigning it before migration to move the device from old to new ICG after reboot.
One more question then, can I have two ICG servers in one UMS console?
Yes, that works and I would recommend it for your transition phase! The Root Certificate replacement might get easier in a near future!
This is supported today actually
I am looking for the KB article on how to use the new functionality to update the root certificate on an ICG
on UMS 6.02.100?
kb.igel.com/igelicg-2.02/en/exchanging-the-root-certificate-for-icg-37283733.html
Ah, not on 6.02.100, but recomended to upgrade to get the latest functionality
Thank you very much. I am going to rethink the order I will take to get this accomplished successfully. It looks like doing the updates may be a better choice before changing the certificate.
Continue reading and comment on the thread ‘Is there a way to change the certificate (same FQDN name) without having to bring in all remote devices and not disconnecting them from the UMS?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!