locked
Gateway certificate RRS feed

  • Question

  • Hello Everyone,

    I have a few questions regarding the certificates used by Lightweight Gateways

    • Can I use certificates generated by internal PKI for my lightweight gateways installed on DC's
    • If certificates are meant to be automatically renewed why does my lightweight gateways give error messages "Gateway certificate expired" and I have to reinstall the agent all over again.


    Senior Technical Consultant, MDS Computers


    Sunday, November 24, 2019 1:32 PM

Answers

  • Hi, 

    You are way way back.

    Automatic GW certificate management was introduced only in ATA 1.8+, so it explains how you got there...

    Upgrade to 1.9 Update 2 ASAP. 1.7 is not supported any more...

    Notice the upgrade path in the docs...

    • Marked as answer by Shoaib Hassan Sunday, November 24, 2019 8:19 PM
    Sunday, November 24, 2019 8:04 PM
  • My best advise is to not mess with certificates at all at this point.

    It was a bad practice, that's why we changed it long time ago.

    Upgrade to 1.9 Update 2 asap, and let the system manage it.

    The upgrade will  auto fix the certs that needs to be replaced to self managed ones, you will only need to reinstall the GW for the machines that expired.

    • Marked as answer by Shoaib Hassan Sunday, November 24, 2019 8:19 PM
    Sunday, November 24, 2019 8:17 PM

All replies

  • What exact ATA version are you using?

    Was the GW healthy and connected to the center before the cert expired?

    Sunday, November 24, 2019 3:08 PM
  • Currently it is 1.7.5757 but we plan to upgrade to 1.9

    Senior Technical Consultant, MDS Computers

    Sunday, November 24, 2019 7:56 PM
  • Hi, 

    You are way way back.

    Automatic GW certificate management was introduced only in ATA 1.8+, so it explains how you got there...

    Upgrade to 1.9 Update 2 ASAP. 1.7 is not supported any more...

    Notice the upgrade path in the docs...

    • Marked as answer by Shoaib Hassan Sunday, November 24, 2019 8:19 PM
    Sunday, November 24, 2019 8:04 PM
  • Thank You Eli, so it means we don't even require certificate generated from internal PKI...is it even supported by the way (internal certificate) for lightweight gateway?

    Senior Technical Consultant, MDS Computers

    Sunday, November 24, 2019 8:09 PM
  • My best advise is to not mess with certificates at all at this point.

    It was a bad practice, that's why we changed it long time ago.

    Upgrade to 1.9 Update 2 asap, and let the system manage it.

    The upgrade will  auto fix the certs that needs to be replaced to self managed ones, you will only need to reinstall the GW for the machines that expired.

    • Marked as answer by Shoaib Hassan Sunday, November 24, 2019 8:19 PM
    Sunday, November 24, 2019 8:17 PM
  • Great Thank You so much

    Senior Technical Consultant, MDS Computers

    Sunday, November 24, 2019 8:19 PM