Expiring Certificate - reporting and replacement

ERA can notify you about a Certificate or a Certification Authority that is going to expire. There are predefined Notifications for both ERA Certificate and ERA Certification Authority in the Notifications tab. To activate this feature, click Edit Notification and specify details in the Distribution section, such as an email address or SNMP trap.

NOTE

Make sure you have configured SMTP connection settings in Server settings first. Once done, you can edit the notification to add a Distribution e-mail address.

If a computer has a certificate that is about to expire, its status information will change automatically. The status will be reported to the Dashboard, Computers list, Status Overview and Certificate tab:


To replace an expiring Certification Authority or Certificate, follow these steps:

1. Create a new Certification Authority with a new validity period (in case the old one is going to expire), ideally making it valid immediately.

2. Create new Peer Certificates for ERA Server and other components (Agent/Proxy/MDM) within the validity period of your new Certification Authority.

3. Create policies to set the new Peer Certificates. Apply the policies to ERA components, ERA Proxy, MDM and to ERA Agent on all client computers in your network.

4. Wait until the new Certification Authority and Peer Certificates have been applied and the clients have replicated.

NOTE

Ideally, wait 24 hours or check if all of your ERA components (Agents/Proxy) have replicated at least twice.

5. Replace the Server certificate in ERA Server Settings so that clients are able to authenticate using their new Peer Certificates.

6. Once you have completed all the steps above, every client is connecting to ERA and everything is working as expected, revoke the old Peer Certificates and delete the old Certification Authority.
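
The ordering of steps 2 to 5 can be checked before the Server certificate is replaced. The following is an added example, not ESET code: it lists components that would fail to authenticate after step 5. The record layout, component names and CA names are constructed for illustration and are not an ERA export format; fill them in from your own reports.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Validity:
    not_before: datetime
    not_after: datetime

    def contains(self, other):
        # True when `other` lies entirely inside this validity period (step 2)
        return self.not_before <= other.not_before and other.not_after <= self.not_after

@dataclass
class Component:
    name: str          # component label (constructed)
    issuer: str        # CA that signed the peer certificate currently in use
    cert: Validity     # validity period of that peer certificate
    replications: int  # replications seen since the certificate policy was applied

MIN_REPLICATIONS = 2   # "replicated at least twice", from the note under step 4

def blockers(components, new_ca_name, new_ca, now):
    """Map component name -> reasons it is not ready for the Server certificate swap."""
    report = {}
    for c in components:
        reasons = []
        if c.issuer != new_ca_name:
            reasons.append("peer certificate not issued by new CA")
        elif not new_ca.contains(c.cert):
            reasons.append("peer certificate validity falls outside new CA validity")
        if not (c.cert.not_before <= now <= c.cert.not_after):
            reasons.append("peer certificate not valid now")
        if c.replications < MIN_REPLICATIONS:
            reasons.append("fewer than %d replications" % MIN_REPLICATIONS)
        if reasons:
            report[c.name] = reasons
    return report

# Constructed sample data, not taken from a real ERA installation
NOW = datetime(2024, 6, 1)
NEW_CA = Validity(datetime(2024, 5, 1), datetime(2034, 5, 1))
FLEET = [
    Component("agent-01", "CA-2024", Validity(datetime(2024, 5, 2), datetime(2029, 5, 2)), 3),
    Component("agent-02", "CA-2014", Validity(datetime(2014, 6, 10), datetime(2024, 6, 10)), 5),
    Component("proxy-01", "CA-2024", Validity(datetime(2024, 5, 2), datetime(2035, 1, 1)), 1),
]

if __name__ == "__main__":
    for name, reasons in blockers(FLEET, "CA-2024", NEW_CA, NOW).items():
        print(name + ": " + "; ".join(reasons))
```

An empty result means step 5 can proceed; any component listed here should be fixed before the old Peer Certificates are revoked in step 6.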