Views:
Replace a certificate with a new one, for example, when you have certificates which have expired or will expire soon. When you replace a certificate, the SMS certificate repository automatically updates managed devices with the new certificate.
Simply adding the new certificate and deleting the old one would require you to also update any configuration settings to use the new certificate. Replacing the certificate changes the certificate while preserving any existing references in these configuration settings.
When replacing a certificate, consider the following:
  • The replacement certificate is not already in the SMS certificate repository.
  • You must have the Device X509 Certification Configuration capability in your user role for all of the devices where the certificate is replaced.
  • All devices with the certificate must be managed by the SMS at the time of replacement. If the SMS cannot communicate with all of the devices with the certificate, the SMS displays an error message.
Note
Note
Replacing certificates requires the Admin X509 Certificate Management capability in your user role.

Procedure

  1. To replace certificates, go to AdminCertificate ManagementCertificates. To replace CA certificates, go to AdminCertificate ManagementCA Certificates.
  2. Click Replace.
    • For certificates with a private key, browse to and open a certificate. For PEM/DER certificates, browse to and open the associated private key. (Optional) Provide a password to encrypt the private key.
    • For certificates without a private key or CA certificates, browse to and open a certificate. Private keys in PKCS12 files are ignored. Select the file format of the certificate.
  3. Click OK.
    The replaced certificate is saved under the original name with _REPLACED appended. The new certificate replaces the old certificate on the corresponding devices and the SMS.