Updating or Replacing a Host Certificate
This section describes how to use the Centrify-PAS-ModifyInstallation.ps1 script to update an expired host certificate or change to a different host certificate. For additional Centrify-PAS-ModifyInstallation.ps1 script information, see Centrify-PAS-ModifyInstallation.
To update or replace a host certificate:
- If you are not already logged in to the Management node, log in as a user with administrator rights.
At an elevated PowerShell prompt, run Centrify-PAS-ModifyInstallation.ps1 using the proper parameters to update or change the host certificate. Parameters include:
- [-Hostname] <String>]—Enter the hostname you use to define the Installation.
- [-Certificate] <String>]—Enter the location of the new host certificate.
- [-CertificatePassword] <String>]—Enter the password for the host certificate, if a password is required.
.\Centrify-PAS-ModifyInstallation.ps1-Hostname pas.corpnet.com -Certificate C:\newcert\corpnet.com.p12
After updating the host certificate, you must create a new deployment and deploy it to Web and Background nodes. Once you create the new nodes, set the new deployment active. It is not necessary to create a new deployment for TCP Relay Logging and TCP Relay nodes. For detailed instructions on deploying new nodes, see the following sections:
- Phase 3: Creating a Deployment package
- Phase 4: Deploying Hyper-scalable PAS software to Web, Background, and TCP Relay nodes
- Phase 5: Activating the Deployment
Note: If you do not deploy new Web and Background nodes after changing the host certificate, the Web and Background nodes will keep using the old certificate.