Dreaded Expired Self-Signed Cert; ATA is dead; how do I remove and replace?

  • Question

  • So, like many of us who don't have resources to monitor every little detail of our network/infrastructure, and rely on products being self-sustaining, I did not know I would lose my ATA investment because a cert expired. Where else does that happen? How can there not be any kind of recovery option for ATA Admins if they didn't catch the cert renewal in time?

    That said, since it already happened, it looks like my only option is to start over from scratch. Does anyone have all the steps needed to remove my current ATA infrastructure completely, and then build a new one in its place? I know where the docs are for deploying a new ATA, but my scenario includes an existing, dead ATA deployment that can't be undone normally because I can't get into the system to "undo it". I would appreciate any guidance on the best approach for removing an ATA Center and two Lightweight Gateways (and anything else I've forgotten that I would need to know). And then for starting over, is there anything I should know about deploying a new ATA Center when an existing one was present? Finally, is there anything I can salvage from my dead ATA?

    Thanks!

    Saturday, November 16, 2019 6:43 PM

All replies

  • Unlike other products, the cert is not used just for the console website, it is used for DB data encryption, so once expired, you can't decrypt the data any more...

    Note that the system will alert you weeks before that happens.
    If you have set email notifications for health alerts, you should have got an alert via email as well.

    Now, for the current state... There is no (reasonable) way to recover this deployment.

    You need to uninstall all the Gateways and Center, and start from scratch.

    A simple uninstall from Add/Remove programs should work fine for the recent versions even if the center is not functional any more. Did you run into an issue with that?

    Saturday, November 16, 2019 9:31 PM
  • Thank you Eli. I haven't tried uninstalling anything yet as I wanted to be sure we couldn't salvage anything AND that I followed a correct order. I'll try the uninstalls.

    In IT shops where there aren't enough admins to handle everything, weeks can be too limiting in terms of response time. In addition, it wasn't clear from the emails I got that I was going to lose my investment. I have had certs expire before and the system just failed to use the cert upon expiration (e.g. a website won't load). But I can always be reactive, update the cert and get things back online without any loss. My issue is that we have created a scenario where it looks like a standard cert expiration but it's really something else. I know it's our fault for not understanding ATA better but it's something to think about going forward. Not all IT shops can be on top of things 100%. Don't penalize those shops if possible.


    Sunday, November 17, 2019 5:11 PM
  • This is legitimate feedback, which we got from other customers as well.

    I can tell you that we are changing this for Update 3...

    You are going to have much more time ahead (months) of notification, plus the alert is going to be clear about losing the deployment in case it is ignored.

    Sunday, November 17, 2019 6:02 PM