Versions Compared

Version Old Version 25 New Version 26
Changes made by

Matthew Hierholzer

Matthew Hierholzer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Panel
borderColorblack
bgColor#f8f8f8
titleTable of Contents

Table of Contents


Getting Started

Background information regarding this subject is available on our:

Step-by-step guide

  1. Get new certificate

  2. Check if the certificate chain has changed. If:

    • Yes: Jump to step 3
    • No: Jump to step 4


  3. The chain or a single certificate has changed
     
    1. Add the new chain to the Agent Updater (do NOT replace the old chain!). 

    2. Bake and sign agents

    3. Wait until all agents updated

    4. Jump to step 4


  4. The chain did not change, or step 3 was done

    1. Restrict Auto Updates to only 2 or 3 hosts, so if something goes wrong, you do not mess up everything

    2. Deploy the new certificate to the Apache server

    3. Check for the correct cert and chain by using a browser

    4. Make sure Auto Update works for the test hosts

    5. If the chain changed (see step 3), remove the old chain from the updater rule, bake & sign agents, and see if everything works with the test hosts

    6. Remove the restriction to the test hosts and update all agents

...