Skip to main content
Skip table of contents

Important Advisory: Device Certificate Renewal Issue on IGEL OS 12.4.0 and Earlier

Please be informed of a critical issue affecting IGEL OS devices running version 12.4.0 or earlier. These devices are unable to automatically renew their device certificate during boot. Once the certificate expires, the device will no longer be able to connect to the Universal Management Suite (UMS), resulting in the device becoming unmanageable.

 

Recommended Action

To prevent service disruption, we strongly recommend upgrading all affected devices to IGEL OS version 12.4.1 or later, where this issue has been resolved. These / all later versions resolve the issue and ensure automatic renewal of device certificates.

 

Temporary Mitigation (for Devices with Valid Certificate)

If an upgrade is not immediately possible and the device certificate is still valid, you can trigger a manual certificate renewal using the following custom command via a UMS profile:

rmagent-state -w connected && rmagent-check-reenroll (as network final custom command)

 

Mitigation for Devices with Expired Certificate

If a device's certificate has already expired and it can no longer connect to UMS, there are two recovery options:

  • Local Certificate Renewal

    • Manually access the device and execute the following command in the local terminal / SSH:

/sbin/rmagent-check-reenroll

  • Factory Reset and Re-Onboarding of Device:

    • If local access is possible, you can also reset the device to factory defaults and re-onboard it to UMS, which will issue a new certificate.

FAQ

How long are the certificates typically valid - from the time of registration? In other words, when is a certificate renewal usually due?

Certificates are valid for one year from the date of issuance/registration in UMS. The client automatically requests a renewal from the UMS 30 days before the expiration date - and again with every reboot (until the certificate expires).

Is there a command to check when a certificate expires? Can this be viewed in the UMS?

In the UMS, you can find the Registration Date under System Information → Reigstration Date - this field can also be used as a search criterion. That said, we’ve reviewed the Registration Date and found it’s not entirely rliable.

For example:

One device shows a Registration Date of 08.04.2024, ibut the certificate is dated 10.03.2025. So while the Registration Date can be used as an indicator, it may not be a fully accurate reference for certificate validity.

This issue only affects OS12 and is limited to the certificate renewal process.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close