Migrating to a Public Cert Questions

lehmanp00
Contributor III

I have read through this very good document:
https://jamfnation.jamfsoftware.com/article.html?id=115

But I still have a few questions.

  1. If I go though the steps of creating a Keystore and generating a CSR will it affect my existing clients now?

  2. When I actually install the new Public Key will it affect my current clients?

Thanks a bunch!

2 REPLIES 2

justinrummel
Contributor III

@lehmanp00

First I've never done a Self-Signed to a Signed cert while the JSS was in production, it's usually done at the beginning of my JumpStarts.

With that said I assume all your clients had the "Allow Self-Signed Certs" option enabled, so updating your SSL cert shouldn't have any issues.

bbergstein
New Contributor III

We actually did this about a year and a half ago. Its not too bad, assuming you get the SSL cert configured properly (with any intermediate CAs and such). I managed to not have the intermediate CA linked properly, which caused all kinds of problems, but once we straightened that out, all was good. My suggestion is to use an SSL tester like Entrust's (http://sslinstallcheck.entrust.net/SIC/jsp/MainWebAddress.jsp) to check that all is configured properly.

Also, you can do this in a completely separate Tomcat keystore without affecting your production one, and then just cut over once you have completed the whole CSR/request/acquisition/install process.