We have certificates on our two IQService servers that are going to expire on 8/22. I can’t find any good documentation on how to replace these. We’ve renewed the Apache Tomcat services, but the IQService doesn’t have Apache Tomcat running on it.
Do we know where these certs live on the IQService servers (01 and 02)? I’m looking to just generate a new .cer, .key and .pfx. This is our first time renewing these certs, so we’re open to any help.
Also, if you have updated Apache Tomcat on the UI/Task servers, remember to copy the conf folder from the older installation. In this folder you have a file called server.conf, and in there is the path of the certs. You can refer to this guide, in the "Edit the Tomcat Configuration File" section: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
When you say install directly the new certs, what do you mean? We were not able to find the cert in the IIS Manager, but we do see it in the Windows Certificate Manager on the local machine.
We’ve got a .pfx created with the password generated by the AD team - is there documentation on how to add this to the keystore for the IQService servers?
The IQService doesn’t utilize Apache Tomcat so is there an embedded software where the keystore exists? Unsure as to where the cert is placed in the IQService server.
It looks like those certs are for the hosting of SailPoint. That means only UI and Task servers will need the certs. The Database and IQService server, if they are separate, do not need those certs. But remember, when creating a cert, specify all the server names that are using SailPoint.