Posted on 01-08-2019 07:10 AM
Hey again folks,
This is the first time I have had to do an SSL cert renewal on any Linux system, so apologies in advance if these are incredibly basic questions.
We have an existing cert provided by QuoVadis that expires early next month. Our Jamf web server is on Ubuntu and both Tomcat and the Jamf app are up to date. I'm aware I now need to generate a CSR from the web server, and then that will be used to purchase the new cert, which I then upload into Tomcat via the Jamf interface.
However, all the instructions I can find regard setting up from scratch, and I'm a little confused about how to handle this when we already have an existing keystore up and running. Do I use this existing keystore to generate a new CSR or create a new keystore from scratch?
If I use the existing keystore to generate the new CSR, will that invalidate the original cert immediately? Likewise if I generate a new keystore, I presume the original will then cease to work straight away?
If anybody has any working examples or a step-by-step guide for this it'd be hugely appreciated. Many thanks for your time everybody, as ever.
Posted on 01-09-2019 01:14 AM
Sorry for the bump on this. Somebody referenced me this page on the QuoVadis site to fill in and generate the command: [https://pkiwidgets.quovadisglobal.com/scriptgen/keytool.aspx](link URL)
This seems to generate the required command line for the CSR, but I'm a little concerned that once I generate this, the existing keystore will immediately be invalidated (the site recommends backing up and removing existing keystores?). Is this the normal process for renewing a third-party cert in Jamf?
Is there anything else that needs doing on the client-side also for them to pick up the new cert and begin using it?
Thanks for your help everybody.
Posted on 07-04-2019 07:00 AM
Did you ever find the answer to this @MBrownUoG ?
Posted on 07-04-2019 07:33 AM
Hey there. I went through Jamf support in the end and they sent me a brilliant little tool that handled everything for the cert renewal. I just ran it on a Mac, filled in all the details and it did everything we needed. I can't remember what it's called, but it's something Jamf developed themselves. Hopefully they can send you the same?
Posted on 12-02-2019 11:59 AM
@MBrownUoG Any memory of the Jamf provided tool?
Thx,
- Scott
Posted on 01-06-2020 04:16 AM
Super sorry, only just saw this! It was called SimpleSSL. I believe their support team will send it to you on request.