This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 25th. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to update the Linux/Unix pinned certificate associated with the FlexNet Inventory Agent

kyle_wolff
By
Level 6

Please verify this is correct and feel free to promote this to a KB if so.

 

Scenario:

You are utilizing certificates with your FlexNet Manager Suite implementation and encrypting the traffic between your deployed FlexNet Inventory Agents and your FlexNet Beacon servers (traffic over port 443). When the issued certificate expires, the pinned certificate you included in your FlexNet Inventory Agent deployment package to Linux/Unix systems  (mgsft_rollout_cert) needs to be updated on every Linux/Unix system (there is no self updating mechanism).

 

Update Method #1

Update your mgsft_rollout_cert certificate file with the updated certificate Base64 export (if purchasing external Certificate Authority certs, include the Trusted Root and Intermediate certificates). Reinstall the agent including the updated certificate file mgsft_rollout_cert.


Update Method #2

Update your mgsft_rollout_cert certificate file with the updated certificate Base64 export(if purchasing external Certificate Authority certs, include the Trusted Root and Intermediate certificates). Make a copy of it and rename it cert.pem. On each Linux/Unix system, replace /var/opt/managesoft/etc/ssl/cert.pem with the updated cert.pem.

 

I wanted to make sure this got on the forum in case others were looking for a way to update FlexNet Inventory Agent certificates without a complete agent reinstall.

‎Jul 06, 2021 03:25 PM - edited ‎Jul 08, 2021 09:57 AM

(2) Replies

ChrisG
By Community Manager Community Manager
Community Manager

Thanks for taking the time to write this up @kyle_wolff! These options look generally good to me, although I think the references to mgsft_rollout_response should instead be mgsft_rollout_cert.

For reference, here are a couple of other pages which talk about working with certificate configuration files for the FlexNet inventory agent on UNIX:

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

‎Jul 06, 2021 11:27 PM

kyle_wolff
By
Level 6
In response to ChrisG

Yep, nice catch. I'll edit it. Thank you!

‎Jul 08, 2021 09:56 AM

0 Kudos