Skip to content

Updating PCoIP Management Console Certificates after Endpoint Discovery

The steps provided next are for updating your PCoIP Management Console certificates if your certificate expires, or if you need to update your PCoIP Management Console certificate for any other reason.

Note: Update endpoints with new certificate before updating the PCoIP Management Console certificates

It is important to update endpoints with their new PCoIP Management Console certificate before you update the PCoIP Management Console’s certificates. Otherwise, your endpoints will not be able to trust the PCoIP Management Console, and your profile update will fail when you attempt to apply it.

Step 1 - Update Endpoints with the New PCoIP Management Console Certificate

Note: All certificates must be in PEM format

All PCoIP Management Console certificates must be issued in PEM format.

To upload the PCoIP Management Console certificate for a group of endpoints using PCoIP Management Console:

  1. Ensure that all ungrouped endpoints are moved from the ungrouped category into a group.

    Possible modifications due to your deployment

    Depending on your site configuration, this may require modifications to your DHCP options or DNS SRV records, or it may require disabling persistent auto-configuration or placing the endpoints into a segregated network with a new PCoIP Management Console.

  2. Ensure that every group (or at least one parent group) is associated with a profile.

  3. Update all existing profiles to push the new certificate to endpoints. For each profile:

    1. From the PCoIP Management Console’s top menu click PROFILE.

    2. Click the NEW PROFILE button.

    3. Enter a name and description for the profile in their respective fields.

    4. Click the + tab beside the SETTINGS OVERVIEW tab and then select the appropriate type of profile (e.g. TERA2: CLIENT [DUAL], TERA2 HOST [QUAD]) that applies to your endpoints and click ADD.

    5. In the SOFTWARE section, ensure the correct Firmware Version is selected for your endpoints.

    6. Click SECURITY in the left navigation pane, scroll down to Certificate Store, and select Set in Profile.

    7. Click Add New, browse to your PCoIP Management Console public key certificate, highlight it and click Open. (This certificate must have a .pem extension)

    8. Click Upload.

    9. Ensure the correct usage type is selected for any specialized certificates such as 802.1x and Syslog.

      Certificate Usage type Limitation

      Only one specialized usage type can be selected in one profile. Any subsequent certificate selected for the same usage type will cause the previous certificate to change usage type to No Usage.

      802.1x and Syslog options are disabled when you upload certificates without a private key

    10. Click SAVE at the top of the page.

    11. Apply the profile immediately or create a schedule to update your group(s) with the profile.

Tip: Using the Tera2 Endpoint AWI

If a Tera2 endpoint's AWI is enabled, you can directly access it via the Management Console ENDPOINT DETAILS page and selecting the WEB INTERFACE button. This will allow you to directly manage a single Tera2 endpoint if required.

From the Management Console homepage:

  1. Select ENDPOINTS.

  2. Find your endpoint in the GROUPED or UNGROUPED tab and highlight it.


  4. Select the WEB INTERFACE button.

For more information about using the endpoint AWI after selecting the WEB INTERFACE button see Remote Workstation Card Firmware Administrators' Guide or PCoIP Zero Client Firmware Administrators’ Guide.

Step 2 - Upload Custom Certificate to the PCoIP Management Console VM

Note: Uploading Certificates causes the application to restart

Uploading a certificate signs out all PCoIP Management Console users and causes the PCoIP Management Console application to restart. Users will not be able to access the PCoIP Management Console for one to two minutes.

To upload your certificates to the PCoIP Management Console VM:

  1. From the PCoIP Management Console’s top menu, click SETTINGS.

  2. Click SECURITY in the left pane and select the CERTIFICATES tab in the SECURITY pane to the right.

  3. Click UPDATE.

  4. Click SELECT CERTIFICATE, select the PCoIP Management Console’s public certificate file (eg. certnew.pem), and then click NEXT.

    Certificate Upload

  5. Click SELECT KEY, select the PCoIP Management Console’s private certificate file (eg. mccertprivateKey.pem), and then click NEXT.

    Certificate Key

  6. Click SELECT CHAIN, select the PCoIP Management Console’s chain certificate file (eg. chain.pem), and then click NEXT.

    Certificate Apply

  7. Click Apply.

  8. Read the warning message and then click APPLY.

  9. When the update process completes, click LOGIN to log in to the PCoIP Management Console again.

    Certificate Login

Step 3 - Update Your DHCP or DNS Server

If your DHCP or DNS server is configured to provision endpoints with the PCoIP Management Console’s public key certificate fingerprint, this information must be updated next. You can update your server with your PCoIP Management Console certificate fingerprint as follows:

  • DHCP server: Edit the EBM X.509 SHA-256 fingerprint option for the PCoIP Endpoint option class. For details, see Configuring DHCP Options.

  • DNS server: Edit the EBM-SHA-256-fingerprint DNS text record. For details, see Adding a DNS TXT Record.