Forcing or overwriting certificate deployment
In some situations it may be necessary to use the -force option with the nbcertcmd -getCertificate command. For example, to force certificate deployment to a host or to overwrite the existing host ID-based certificate information and fetch a new certificate.
A host may already have a host ID-based certificate, but needs to overwrite the old certificate with a new one. This is required, for example, when a primary server is replaced with a new server. Since the clients have the old certificate to the old server, when the nbcertcmd -getCertificate command is run on the clients, it fails with the following error:
Certificate already exists for the server.
Use the following procedure to overwrite the existing host ID-based certificate information and fetch a new certificate.
To force certificate deployment on a host
- The host administrator runs the following command on the non-primary host:
nbcertcmd -getCertificate -server primary_server_name -force
Depending on the security setting on the primary server, a token may also need to be specified.
Use the -cluster option to deploy a cluster certificate.
A host may have been issued a certificate, but over time the certificate has become corrupted or the certificate file has been deleted.
The administrator of the non-primary host can run the following command to confirm the condition of the certificate:
nbcertcmd -listCertDetails
If the certificate is corrupt, the command fails with the following error:
Certificate could not be read from the local certificate store.
If no certificate details display, the certificate is not available.
Use the following procedure to overwrite the existing host ID-based certificate information and to fetch a new certificate.
To fetch a new host ID-based certificate
- The host administrator runs the following command on the non-primary host:
nbcertcmd -getCertificate -force
Depending on the security setting on the primary server, a token may also need to be specified.
Use the -cluster option to deploy a cluster certificate.