Updating or Replacing a Host Certificate

This section describes how to use the Centrify-PAS-ModifyInstallation.ps1 script to update an expired host certificate or change to a different host certificate. For additional Centrify-PAS-ModifyInstallation.ps1 script information, see Centrify-PAS-ModifyInstallation.

To update or replace a host certificate:

  1. If you are not already logged in to the Management node, log in as a user with administrator rights.
  2. At an elevated PowerShell prompt, run Centrify-PAS-ModifyInstallation.ps1 using the proper parameters to update or change the host certificate. Parameters include:

    • [-Hostname] <String>]—Enter the hostname you use to define the Installation.
    • [-Certificate] <String>]—Enter the location of the new host certificate.
    • [-CertificatePassword] <String>]—Enter the password for the host certificate, if a password is required.

    For example:

    .\Centrify-PAS-ModifyInstallation.ps1-Hostname pas.corpnet.com -Certificate C:\newcert\corpnet.com.p12
    -CertificatePassword certp355S3cret

  3. After updating the host certificate, you must create a new deployment and deploy it to Web and Background nodes. Once you create the new nodes, set the new deployment active. It is not necessary to create a new deployment for TCP Relay Logging and TCP Relay nodes. For detailed instructions on deploying new nodes, see the following sections:

    Note:   If you do not deploy new Web and Background nodes after changing the host certificate, the Web and Background nodes will keep using the old certificate.