Updating MC Certificates after Endpoint Discovery

If your MC certificate expires or you need to update your MC certificate for any other reason, please follow the steps below in the order shown.

Note: It is important to update endpoints with their new MC certificate before you update the MC's certificates. Otherwise, your endpoints will not be able to trust the MC, and your profile update will fail when you attempt to apply it.

Step 1: Update Endpoints with the New MC Certificate

1. Ensure that all ungrouped endpoints are moved from the ungrouped category into a group.
2. Ensure that every group (or at least one parent group) is associated with a profile.
3. Update all existing profiles to push the new certificate to endpoints. For each profile:
   1. From the MC's top menu, click PROFILE.
   2. From the profile table, select the profile and click EDIT.
   3. Click the profile's device type tab.
   4. In the SOFTWARE section, ensure that the right firmware version is selected for your endpoints.
   5. Click SECURITY in the left navigation pane, scroll down to Certificate Store, and select Set in Profile.
   6. Click Add New, select your new MC public key certificate, and click Open.
      Note: This certificate must have a .pem extension.
   7. Click Upload.
   8. Click SAVE at the top of the page.
   9. Click PROFILE in the navigation link at the top to return to the main page.
4. Apply the profile immediately or create a schedule to update your group(s) with the profile.

Step 2: Upload the New MC Certificate to the MC

Note: Uploading a certificate disables all MC users and causes the MC application to restart. Users will not be able to access the MC for one to two minutes.

1. From the MC's top menu, click SETTINGS.
2. Click SECURITY in the left pane.
3. Click UPDATE.
4. Click SELECT CERTIFICATE, select the MC's public key certificate file (*.pem), and then click NEXT.
   
   
   
   
5. Click SELECT KEY, select the MC's private key certificate file (*.key), and then click NEXT.
   
   
   
   
6. Click SELECT CHAIN, select the MC's chain certificate file (*.pem), and then click NEXT.
   
   
   
   
7. Click Apply.
8. Read the warning message and then click APPLY.
   
   
   
   
9. When the update process completes, click LOGIN to log in to the MC again.

Step 3: Update Your DHCP or DNS Server

If your DHCP or DNS server is configured to provision endpoints with the MC's public key certificate fingerprint, this information must be updated next. You can update your server with your MC certificate fingerprint as follows:

• DHCP server: Edit the EBM X.509 SHA-256 fingerprint option for the PCoIP Endpoint option class. For details, see Configuring DHCP Options.
• DNS server: Edit the EBM-SHA-256-fingerprint DNS text record. For details, see Adding an Optional DNS TXT Record.

© 2016 Teradici Corporation. All rights reserved. TER1401005 Issue 7, Version 2.1, 26 Jan 2016
Click here for intellectual property rights information.