Our portal SSL cert (Verisign) is due to expire next month. From what I've read, installing a new cert will require devices to reprovision.
Does anyone know if there is a way around this? What I'm thinking is that if I can ask Verisign to renew the existing cert without having to create a new cert request, where they basically just change the expiration date, that may work?
Any guidance offered would be greatly appreciated.
Thanks in advance.
I don't imagine that will work since the certificate itself is aware of it's expiration date and so I imagine would still need to be updated. It is an interesting thought though. Please do update this thread with your results.
To avoid this issue we just orderd a 5 year godaddy cert (godaddy is a best practice, recommended CA of McAfee). Added benefit, they always have a 50% off coupon code (google it) so we get 5 years for around $100.
It's going to be the same as any solution that uses ssl. If you don't renew your certificates BEFORE they expire then things break. Wouldn't be secure otherwise.
There will be a mechanism in place to work around this situation in EMM 11.0. Profiles will be signed with a different certificate generated by the EMM server to avoid profile re-installation when the certificate is replaced in the console.
EMM 11 is targeted for release in mid May.
EMM will generate a unique certificate that will sign the profiles and that will not expire for a some 10 years or so. this will prevent the devices from having to reprovision when the Portal certificate is renewed as we will no longer use the SSL for signing profiles.