Renew your Enrollment Agent Certificate
Overview
If you have configured a certificate deployment method that will assign Certificates to Active Directory User/Computers Objects, your Enrollment Agent certificate will most likely expire every 2 years or in a different cycle, depending on the configured certificate template validity in your Certification Authority. Failing to renew this certificate will result in failure in deploying certificates to your devices. Starting from Silverback 24.0, you will receive a warning in the Silverback Management Console when the expiration date is approaching and this article provides a general instruction on how to create and update the new certificate.
General Update Process
Because the process for updating the certificate is the same as the process for creating the certificate, follow the instructions in one of the certificate authority integration guides that you used to initially set up the certificate deployment method. The platform you are using is not really important in this process because the process for deploying and assigning certificates to Active Directory objects is the same for all platforms and for distributing S/MIME certificates. For demonstration purposes of this guide, we will follow the iOS and iPadOS guide with the following link: iOS II: Assign Certificates to Active Directory User Objects. Before you dive in, please read the following sections to avoid repeating unnecessary steps from the integration guides and to start with an initial assessment of your current state.
Review your Environment
Before you begin creating the new certificate, we recommend that you first review the recently used certificate templates available from your CA and review and verify the credentials for the service account that was used the last time the Enrollment Agent Certificate Request was created.
Which parts needs to be repeated
To create your new certificate, ensure to repeat only the steps from the Create Enrollment Agent Certificate Request section. To provide you a better overview, perform only the following steps:
Where to find your current certificate(s)
The Agent Certificate can be found in the areas listed below:
- Android, Samsung Knox
- Option 1: In Wi-Fi Profiles in Tags
- Option 2: In Certificate Profiles in Tags
- iOS, iPadOS
- Option 1: In Wi-Fi Profiles in Tags
- Option 2: In the S/MIME configuration in the Web Settings
- macOS
- Option 1: In Wi-Fi Profiles in Tags
Depending on your Tag structure, we recommend to open several device overviews and navigate from the Resultant Tags view to the above displayed profiles to open the profiles in directly a new browser tab.
How to update the certificates
Once the new certificate is placed on your Silverback or Cloud Connector server, you can navigate to the appropriate sections mentioned in the chapter above. The procedure for updating the certificate is slightly different. If a Cloud Connector is in use, manually enter the thumbprint in the Agent Certificate field and press Save. If you are not using a Cloud Connector, you can simply select your new certificate from the drop-down list and press Save.