4 Replies Latest reply on Jun 12, 2014 3:15 PM by rsc-ffm

    DSCC agents certificates

    rsc-ffm

      Hi,

       

      the certificate used by the DSCC agent in version ODSEE 11.1.1.7(.1) is a self signed certificate with valid time for 2 years.

      I can't find any documentation about renewing this certificate or to use an official signed cert from our own CA in our company. Or is this auto-renewed?

       

      Can someone of you give me a hint?

       

      Thanks,

      Roland


        • 1. Re: DSCC agents certificates
          Sylvain Duloutre-Oracle

          Hi,

           

          The simplest way to renew it is to reinitialize the agent:

           

          • dsccreg remove-agent
          • dsccagent delete
          • dsccagent create (use same port as previously)
          • dsccreg add-agent

           

          No change on DS/DPS servers is needed (no new registration....) if you keep the same port.

           

          -Sylvain

           

          ------

          When closing a thread as answered remember to mark the correct and helpful posts to make it easier for others to find them

          • 2. Re: DSCC agents certificates
            rsc-ffm

            Hi Sylvain,

             

            thanks for your fast answer. That's a way to do it...

             

            but...

             

            What is the behaviour of an expired certificate? No administration through DSCC possible? Any other problems?

            Is there any error message displayed and if yes, what error message?

             

            Is there a possibility to add an official cert signed by our internal CA? Auditors are not happy with any self signed certificates they find... :-(

            Then I will get the official announcement of our CA that the certificate will expire in 60 days...

             

            Thanks,

            Roland


            • 3. Re: DSCC agents certificates
              Sylvain Duloutre-Oracle

              Hi,

               

              I think that the ADS does not check DSCC agent certificate expiration, so this should not impact operations.

               

              It is possible to use an official certification but this is not documented. You basically need to

              - create the agent (dsccagent create),

              - locate the jks keystore containing the agent self-signed certificate,

              - use keytool to replace the self signed cert with the official one (make sure to use the same cert alias)

              - then register the agent (dsccreg add-agent)

               

              -Sylvain

               

              ------

              When closing a thread as answered remember to mark the correct and helpful posts to make it easier for others to find them

              • 4. Re: DSCC agents certificates
                rsc-ffm

                Thanks, Sylvain,

                 

                will do so!

                 

                Roland