...
- Get new certificate
- Check if the certificate chain has changed. If:
- Yes: Jump to step 3
- No: Jump to step 4
- The chain or a single certificate has changed
- Add the new chain to the Agent Updater (do NOT replace the old chain!).
- Bake and sign agents
- Wait until all agents updated
- Jump to step 4
- Add the new chain to the Agent Updater (do NOT replace the old chain!).
- The chain did not change, or step 3 was done
- Restrict Auto Updates to only 2 or 3 hosts, so if something goes wrong, you do not mess up everything
Deploy the new certificate to the Apache server
For Checkmk Appliances: Click on Device Settings → Web Access → Upload Certificate
Tip For more information about Appliances and SSL certificates, please refer to our Official Documentation.
.
- Check for the correct cert and chain by using a browser
- Make sure Auto Update works for the test hosts
- If the chain changed (see step 3), remove the old chain from the updater rule, bake & sign agents, and see if everything works with the test hosts
- Remove the restriction to the test hosts and update all agents
- Restrict Auto Updates to only 2 or 3 hosts, so if something goes wrong, you do not mess up everything
...