Replace a certificate with a new one, for example, when you have
certificates which have expired or will expire soon. When you replace a
certificate, the SMS certificate repository automatically updates managed
devices with the new certificate.
Simply adding the new certificate and deleting the old one would
require you to also update any configuration settings to use the new
certificate. Replacing the certificate changes the certificate while preserving
any existing references in these configuration settings.
When replacing a certificate, consider the following:
- A certificate with a private key must be replaced by another certificate with a private key.
- A certificate without a private key must be replaced by another certificate without a private key.
- The replacement certificate must not already be in the SMS certificate repository.
- You must have the Device X509 Certification Configuration capability in your user role for all of the devices where the certificate is replaced.
- All devices with the certificate must be managed by the SMS at the time of replacement. If the SMS cannot communicate with all of the devices with the certificate, the SMS displays an error message.
 |
NoteReplacing certificates requires the
Admin X509 Certificate Management capability in your
user role.
|
Procedure
- To replace certificates, go to . To replace CA certificates, go to .
- Click
Replace.
- For certificates with a private key, browse to and open a certificate. For PEM/DER certificates, browse to and open the associated private key. (Optional) Provide a password to encrypt the private key.
- For certificates without a private key or CA certificates, browse to and open a certificate. Private keys in PKCS12 files are ignored. Select the file format of the certificate.
- Click
OK.
The replaced certificate is saved under the original name with
_REPLACEDappended. The new certificate replaces the old certificate on the corresponding devices and the SMS.