Renewing SSL Cert

MBrownUoG
Contributor

Hey again folks,

This is the first time I have had to do an SSL cert renewal on any Linux system, so apologies in advance if these are incredibly basic questions.

We have an existing cert provided by QuoVadis that expires early next month. Our Jamf web server is on Ubuntu and both Tomcat and the Jamf app are up to date. I'm aware I now need to generate a CSR from the web server, and then that will be used to purchase the new cert, which I then upload into Tomcat via the Jamf interface.

However, all the instructions I can find regard setting up from scratch, and I'm a little confused about how to handle this when we already have an existing keystore up and running. Do I use this existing keystore to generate a new CSR or create a new keystore from scratch?

If I use the existing keystore to generate the new CSR, will that invalidate the original cert immediately? Likewise if I generate a new keystore, I presume the original will then cease to work straight away?

If anybody has any working examples or a step-by-step guide for this it'd be hugely appreciated. Many thanks for your time everybody, as ever.

5 REPLIES

MBrownUoG
Contributor

Sorry for the bump on this. Somebody referred me to this page on the QuoVadis site to fill in and generate the command: https://pkiwidgets.quovadisglobal.com/scriptgen/keytool.aspx

This seems to generate the required command line for the CSR, but I'm a little concerned that once I generate this, the existing keystore will immediately be invalidated (the site recommends backing up and removing existing keystores?). Is this the normal process for renewing a third-party cert in Jamf?

Is there anything else that needs doing on the client side also for them to pick up the new cert and begin using it?

Thanks for your help everybody.

dfarnworth_b
New Contributor III

Did you ever find the answer to this, @MBrownUoG?

MBrownUoG
Contributor

Hey there. I went through Jamf support in the end and they sent me a brilliant little tool that handled everything for the cert renewal. I just ran it on a Mac, filled in all the details and it did everything we needed. I can't remember what it's called, but it's something Jamf developed themselves. Hopefully they can send you the same?

ScottyBeach
Contributor

@MBrownUoG Any memory of the Jamf-provided tool?
Thx,
- Scott

MBrownUoG
Contributor

Super sorry, only just saw this! It was called SimpleSSL. I believe their support team will send it to you on request.