I am in the process of replacing the CCA manager certificate which is about to expire. My environment is HA and as such consists of two CAM servers and two pairs of HA-CAS servers.
First - I have submitted and generated the CAM server certificate (Easy enough as the CAM SSL is accessible via the GUI.) I think, although I'm not sure that I need to generate a new cert for the CAS(S).
If I do I need to access at least one CAS in an HA pair via the GUI. Does it matter which one? When I attempt to GUI to the "secondary" CAS in a pair I am of course being treated like a device that need to be "NAC'd".
To access the CAS I think I need to stop perfigo services which should drop me out of the HA pair. True?
Will I need to take each server out of "service" to update the cert.
If there is a document sequence of events I would love to see it.