Certificates on Ignition server

[bdholmes]

Our security dept renewed or Root and Signing CA certificates. When I try to load the new certificates into our Ignition server it says the name cannot match an existing certificate and refuses to load.

Don't I need the old and new since most of our objects were signed with the old. Or can I just delete the old and load the new?

Many of our objects were not signed with the new certificates yet.

Or will the ignition server only look at the name on the certificate for trust? None of the other information on the certificate matters? date, serial # etc..

Trying to understand how this is going to work.

[bdholmes]

This is actually broken in v9.0.1. One cannot load two certificates with the same name, even if the public key is different. I will have to try and get a bug fix from Avaya for this as our public certificate is expiring soon, so we simply renewed it with the same name.

The problem is the Ignition server will only allow us to load the old or the new and not both. So if I load the new, all old clients become untrusted...and if I load the old, any client signed by the new will be untrusted.

In a pickle here.

[rshaynes]

Brian,

Thank you for reporting this issue via the forums. We would appreciate that if you believe you have identified potential product related issues that you raise a services support request with Avaya Support Services @ https://support.avaya.com.

In the interim I will review your findings and discuss with our development teams regarding this issue.