Changing the Certificates for Collectors
Changing the certificates of the collectors (Activity Monitor, Permission Collector, Data Classification) using the Collector Installation Manager replaces the SailPoint self-signed certificates with your appointed certificate and deletes the corresponding SailPoint certificate from the certificate store.
To replace the certificates for collectors using the Collector Installation Manager, complete the following:
- Run the Collector Installation Manager.
- This will open a list of the collectors. You can update separate certificates per collector or use the same certificate for all.
- Select Set Certificate for all Services.
- If this server does not have a server installer, you will have to update the watchdog certificate manually. Refer to Installing Collectors on a Server Without Core Services.
- Select your certificate from the dropdown list to update the certificate list.
- Restart all the services or simply reboot the server.
Installing Collectors on a Server Without Core Services
If you are installing collectors on a server without installing the server installer, the Collector Installation Manager will not replace the watchdog certificate. This must be done manually, as described below.
-
Verify that you have to perform this step:
- Check the certificate store (local computer store) after running the Collector Installation Manager.
- If there is a certificate called "File Access Manager WatchDog [servername]," the watchdog certificate has not been replaced.
-
Copy the thumbprint of your trusted certificate.
- Find the certificate you want to use in the certificate store (local computer store).
- Right-click the certificate to view the details and copy the thumbprint value.
-
Update the thumbprint value in the watchdog configuration file:
- Locate the Watchdog configuration file at:
- Open the configuration file with a text editor, and search for
clientCertificateThumbprint
. - Replace the value with the copied thumbprint from your trusted certificate.
- Save the file.
-
Restart the watchdog service.
-
Delete the SailPoint watchdog service certificate from the computer's personal certificate store.