Different TLS certificate verification options then Certificate Serial Number

3 votes

We get more and more Support calls because of stoped LSAMs because of TLS certificates which expired. Normaly a expired certificate gets reassigned to a LSAM-Server automatically by the AD. Problem is the new TLS certificate has a new Serial Number - so the number in the LSAM ini and in the EM > Advanced Machine Settings do not match anymore with the certificate > which stops the LSAM from running.

We have customer which have the domain policy, that the certificate is changed each year on every Server (can be 100+) and on each Server expiry date can be different

In a discussion with Parag the Suggestion was brought up, that we could add another verification value which stays consistent like e.G. the certification Name (or something like this) next to the Serial Number.

So that they can choose to use that and do not have to change the Serial Number in the LSAM.ini and the Machine each year.

Simon & Roger

Collecting community feedback OpCon Suggested by: Hidden identity Upvoted: 27 Jan, '21 Comments: 0

Add a comment

0 / 1,000

* Your name will be publicly visible

* Your email will be visible only to moderators