Some users may have issues creating a community account See more here.

kyle_wolff
Active participant

How to update the Linux/Unix pinned certificate associated with the FlexNet Inventory Agent

Please verify this is correct and feel free to promote this to a KB if so.

 

Scenario:

You are utilizing certificates with your FlexNet Manager Suite implementation and encrypting the traffic between your deployed FlexNet Inventory Agents and your FlexNet Beacon servers (traffic over port 443). When the issued certificate expires, the pinned certificate you included in your FlexNet Inventory Agent deployment package to Linux/Unix systems  (mgsft_rollout_cert) needs to be updated on every Linux/Unix system (there is no self updating mechanism).

 

Update Method #1

Update your mgsft_rollout_cert certificate file with the updated certificate Base64 export (if purchasing external Certificate Authority certs, include the Trusted Root and Intermediate certificates). Reinstall the agent including the updated certificate file mgsft_rollout_cert.


Update Method #2

Update your mgsft_rollout_cert certificate file with the updated certificate Base64 export(if purchasing external Certificate Authority certs, include the Trusted Root and Intermediate certificates). Make a copy of it and rename it cert.pem. On each Linux/Unix system, replace /var/opt/managesoft/etc/ssl/cert.pem with the updated cert.pem.

 

I wanted to make sure this got on the forum in case others were looking for a way to update FlexNet Inventory Agent certificates without a complete agent reinstall.

Labels (2)
2 Replies
ChrisG
Community Manager Community Manager
Community Manager

Thanks for taking the time to write this up @kyle_wolff! These options look generally good to me, although I think the references to mgsft_rollout_response should instead be mgsft_rollout_cert.

For reference, here are a couple of other pages which talk about working with certificate configuration files for the FlexNet inventory agent on UNIX:

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)
kyle_wolff
Active participant

Yep, nice catch. I'll edit it. Thank you!

0 Kudos