https://community.hpe.com/t5/server-management-systems/trust-madness-part-2-duplicate-certs/m-p/3583440#M13051 We already have a Replicate Agent settings task that distributes the new certificate (as well as settings) every day.<BR /><BR />I can use the Configure and Repair agents to push the new certificate -- we've done this many times and it works too (well once you move your certs to C:\HP\SSLSHARE anyways).<BR /><BR />Every server has the new cert, but it also has the old cert.<BR /><BR />Removing the old cert will restore the trust, but I haven't been able to find any way to automate the removal of the old certs. Fri, 15 Jul 2005 06:56:03 GMT Kevin Kelling 2005-07-15T06:56:03Z https://community.hpe.com/t5/server-management-systems/trust-madness-part-2-duplicate-certs/m-p/3583438#M13049 OK..fixed the problem where SIM was distributing the wrong cert.<BR /><BR />Only a handful of our 400 servers are trusted however.<BR /><BR />I picked 2 test servers. They each had 2 certificates for the hostname of the CMS/SIM server. SIM correctly pushed the new cert but did not remove the old one.<BR /><BR />Once I removed the old certificte and rediscovered the system, the trust was present. I repeated this for the other node with the same results.<BR /><BR />It appears that SIM will add certs but not take them away. Herein lies the problem. I need to find a way to remove the old cert on 400 servers -- so I can establish a trust with them -- or otherwise do it manually x400.<BR /><BR />Please tell me there is a way to automate this. :^)<BR /><BR />Thanks. Fri, 15 Jul 2005 05:44:44 GMT https://community.hpe.com/t5/server-management-systems/trust-madness-part-2-duplicate-certs/m-p/3583438#M13049 Kevin Kelling 2005-07-15T05:44:44Z https://community.hpe.com/t5/server-management-systems/trust-madness-part-2-duplicate-certs/m-p/3583439#M13050 Hi Kevin,<BR /><BR />Since you have trusts established, did you try using "Configure-&gt;Replicate Agents Settings...", and choose a "source" server where there is only 1 certificate, and replicate the "Trusted Certificate" setting??<BR />This procedure, replaces what you have on target server, insted of adding it.<BR />I think the source server has to have similar Agent versions, than target server.<BR /><BR />Hope this helps<BR /><BR />Alfredo Fri, 15 Jul 2005 06:45:18 GMT https://community.hpe.com/t5/server-management-systems/trust-madness-part-2-duplicate-certs/m-p/3583439#M13050 Alfredo Soares 2005-07-15T06:45:18Z https://community.hpe.com/t5/server-management-systems/trust-madness-part-2-duplicate-certs/m-p/3583440#M13051 We already have a Replicate Agent settings task that distributes the new certificate (as well as settings) every day.<BR /><BR />I can use the Configure and Repair agents to push the new certificate -- we've done this many times and it works too (well once you move your certs to C:\HP\SSLSHARE anyways).<BR /><BR />Every server has the new cert, but it also has the old cert.<BR /><BR />Removing the old cert will restore the trust, but I haven't been able to find any way to automate the removal of the old certs. Fri, 15 Jul 2005 06:56:03 GMT https://community.hpe.com/t5/server-management-systems/trust-madness-part-2-duplicate-certs/m-p/3583440#M13051 Kevin Kelling 2005-07-15T06:56:03Z https://community.hpe.com/t5/server-management-systems/trust-madness-part-2-duplicate-certs/m-p/3583441#M13052 Kevin, did you ever find a way to remove the old certs? Thu, 04 Dec 2008 18:14:42 GMT https://community.hpe.com/t5/server-management-systems/trust-madness-part-2-duplicate-certs/m-p/3583441#M13052 Tusc 2008-12-04T18:14:42Z