Before the Unit Assistant role can effectively manage unit certificates, you must configure the certificate management settings and the certificate profile.
Before you begin
Procedure
After you finish
IMPORTANT: If you change the
communication port of the CA (Certificate Signing role) or any setting in the
Certificate profile page, you must restart the Unit Assistant role
for the change to take effect. If you change to a new CA, any unit that has its certificate
signed by the old CA must be renewed as soon as possible. Otherwise, when you move your unit
to a new role, the unit might stop working because the old CA's root certificate would not
be deployed on the server hosting the new role.
Also note that the root certificate of the old CA is not automatically removed when it is no longer in use. If required, after all unit certificates have been renewed, you can manually remove it from the Windows Certificate Store.