Updating Expired ICG Keystores
Security Warning
Never replace a root certificate!
The thin clients trust the root certificate. If the root certificate is replaced, the thin clients need to be reregistered with the UMS!
You can update an expired ICG keystore either manually or using the ICG Keystore Update wizard.
To update a keystore manually:
Start the UMS Console.
Under UMS Administration, go to Global Configuration > Certificate Management > Cloud Gateway.
Right-click the keystore; from the context menu, choose Create signed certificate.
Right-click your newly created certificate; from the context menu, choose Export certificate chain to IGEL Cloud Gateway keystore format.
Now transfer the
keystore.icg
keystore file to the ICG host.Run
/opt/IGEL/icg/keystore_update keystore.icg
as root.Requirement
- Install python to run (if python is not installed you will get an error)
- To install python use
sudo apt install python
The keystore will be replaced with the new one.
Reboot the ICG manually.
The UMS and the devices will automatically reconnect to the ICG.
To update a keystore using the ICG Keystore Update Wizard:
The ICG Keystore Update wizard introduced in UMS 5.09.100 offers a more convenient method to update an expired keystore.