This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
kyle_wolff
Level 6
‎Jul 06, 2021 03:25 PM

How to update the Linux/Unix pinned certificate associated with the FlexNet Inventory Agent

Please verify this is correct and feel free to promote this to a KB if so.

 

Scenario:

You are utilizing certificates with your FlexNet Manager Suite implementation and encrypting the traffic between your deployed FlexNet Inventory Agents and your FlexNet Beacon servers (traffic over port 443). When the issued certificate expires, the pinned certificate you included in your FlexNet Inventory Agent deployment package to Linux/Unix systems  (mgsft_rollout_cert) needs to be updated on every Linux/Unix system (there is no self updating mechanism).

 

Update Method #1

Update your mgsft_rollout_cert certificate file with the updated certificate Base64 export (if purchasing external Certificate Authority certs, include the Trusted Root and Intermediate certificates). Reinstall the agent including the updated certificate file mgsft_rollout_cert.


Update Method #2

Update your mgsft_rollout_cert certificate file with the updated certificate Base64 export(if purchasing external Certificate Authority certs, include the Trusted Root and Intermediate certificates). Make a copy of it and rename it cert.pem. On each Linux/Unix system, replace /var/opt/managesoft/etc/ssl/cert.pem with the updated cert.pem.

 

I wanted to make sure this got on the forum in case others were looking for a way to update FlexNet Inventory Agent certificates without a complete agent reinstall.

Labels (2)

This thread has been automatically locked due to inactivity.

To continue the discussion, please start a new thread.
2 Replies
ChrisG
Community Manager Community Manager
Community Manager
‎Jul 06, 2021 11:27 PM

Thanks for taking the time to write this up @kyle_wolff! These options look generally good to me, although I think the references to mgsft_rollout_response should instead be mgsft_rollout_cert.

For reference, here are a couple of other pages which talk about working with certificate configuration files for the FlexNet inventory agent on UNIX:

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)
kyle_wolff
Level 6
In response to ChrisG
‎Jul 08, 2021 09:56 AM

Yep, nice catch. I'll edit it. Thank you!

0 Kudos