Skip to content

Changing the Certificates for Collectors

Changing the certificates of the collectors (Activity Monitor, Permission Collector, Data Classification) using the Collector Installation Manager replaces the SailPoint self-signed certificates with your appointed certificate and deletes the corresponding SailPoint certificate from the certificate store.

To replace the certificates for collectors using the Collector Installation Manager, complete the following:

  1. Run the Collector Installation Manager.
  2. This will open a list of the collectors. You can update separate certificates per collector or use the same certificate for all.
  3. Select Set Certificate for all Services.
  4. If this server does not have a server installer, you will have to update the watchdog certificate manually. Refer to Installing Collectors on a Server Without Core Services.
  5. Select your certificate from the dropdown list to update the certificate list.
  6. Restart all the services or simply reboot the server.

Installing Collectors on a Server Without Core Services

If you are installing collectors on a server without installing the server installer, the Collector Installation Manager will not replace the watchdog certificate. This must be done manually, as described below.

  1. Verify that you have to perform this step:

    • Check the certificate store (local computer store) after running the Collector Installation Manager.
    • If there is a certificate called "File Access Manager WatchDog [servername]," the watchdog certificate has not been replaced.

  2. Copy the thumbprint of your trusted certificate.

    1. Find the certificate you want to use in the certificate store (local computer store).
    2. Right-click the certificate to view the details and copy the thumbprint value.

  3. Update the thumbprint value in the watchdog configuration file:

    1. Locate the Watchdog configuration file at: 
      %SAILPOINT_HOME%\%SAILPOINT_APP_NAME%\WBXWatchDogServiceHost.exe.config
    2. Open the configuration file with a text editor, and search for clientCertificateThumbprint.
    3. Replace the value with the copied thumbprint from your trusted certificate.
    4. Save the file.

  4. Restart the watchdog service.

  5. Delete the SailPoint watchdog service certificate from the computer's personal certificate store.