puff 1 Posted August 30, 2018 Share Posted August 30, 2018 I'm getting ready to deploy an ESMC VA for the purpose of upgrading my ERA 6.x VA. I have a few questions. Do I need to export all of my existing certificates and reinstall them on the new server? Or is this done automatically as part of the database pull? I want to give the new server a different domain name. I believe the certificates are just tied to the IP address (which I will be keeping the same), but will a name change break anything that I should be aware of? Do I need to remove the old server from the domain, and rejoin the new server to the domain as part of the upgrade process? Thanks! Link to comment Share on other sites More sharing options...
ESET Staff MartinK 375 Posted August 30, 2018 ESET Staff Share Posted August 30, 2018 33 minutes ago, puff said: I'm getting ready to deploy an ESMC VA for the purpose of upgrading my ERA 6.x VA. I have a few questions. Do I need to export all of my existing certificates and reinstall them on the new server? Or is this done automatically as part of the database pull? I want to give the new server a different domain name. I believe the certificates are just tied to the IP address (which I will be keeping the same), but will a name change break anything that I should be aware of? Do I need to remove the old server from the domain, and rejoin the new server to the domain as part of the upgrade process? Thanks! Migration will move all "objects" created in ERA, and thus also certificates that are currently available in console. Unfortunately certificate used for Webconsole (Apache Tomcat certificate for https) won't be migrated, so you will either use new one, or migrate/re-install it manually - this is relevant especially in case you are using custom certificate. In case your certificates are signed for IP address, and AGENTs are configured to connect to this IP address instead of hostname, migration should not break anything, but even if, during migration, original appliance will remain without changes, so there is still possibility to cancel migration and restore original configuration. Unfortunately I cannot answer last question regarding domain, I guess it depends on your domain configuration. New appliance will be most probably considered as new device (with new hostname) and I would expect both appliances could be joined into the same domain concurrently. Link to comment Share on other sites More sharing options...
puff 1 Posted August 30, 2018 Author Share Posted August 30, 2018 I didn't even think about the domain rejoin in the context of the name change. I'll just join the new server as a different name and remove the old one when I decommission it. Thanks! You're always a big help. Link to comment Share on other sites More sharing options...
Recommended Posts