How long before a PCoIP Management Console certificate expires should I replace it?
Before the PCoIP Management Console certificate can be replaced, the new certificate or the signing root CA certificate must be installed in the PCoIP Zero Client or PCoIP Remote Workstation Card certificate store. Once a PCoIP Endpoint is manged by an PCoIP Management Console, it will only trust that PCoIP Management Console if the certificate is trusted. The process for changing the certificate at a high level is:
- Request a new certificate on the PCoIP Management Console and get it signed by a trusted Certificate Authority.
Note: It is best to wait 24 hours before using the certificate to ensure that the certificate valid from time has passed.
- Push the certificate or the root certificate of the signing Certificate Authority to all the PCoIP Zero Clients and PCoIP Remote Workstation Cards managed by the PCoIP Management Console.
- Allow time for all PCoIP Zero Clients and PCoIP Remote Workstation Cards to receive the new profile.
Note: Ensure NTP is configured on all PCoIP Zero Clients and PCoIP Remote Workstation Cards so that the certificate valid from and valid to dates can be validated by the PCoIP Zero Clients and PCoIP Remote Workstation Cards.
- Backup and replace the certificate on the PCoIP Management Console. If any issues occur, revert to the backup certificate and troubleshoot.
The time it takes to complete this will depend on the size of the PCoIP deployment. It is recommended that the certificate is replaced on the PCoIP Management Console 1-2 weeks before the expiry of the existing certificate to allow time for troubleshooting any failures.