Regenerating the Standalone Sentry self-signed certificate

You can regenerate the Standalone Sentry self-signed certificate using the command line interface (CLI). You can regenerate only the self-signed certificate or both self-signed and CA certificates.

Impact of regenerating the Standalone Sentry self-signed certificate

Regenerating the self-signed certificate will impact email and app tunnel deployments. The self-signed certificate will have to be re-pushed to the devices. For iOS devices, click View Certificate for the Sentry entry in the Core Admin Portal, under Services > Sentry. For AppConnect apps on Android devices, the AppConnect AppConfig must be re-pushed to the devices.

Regenerating the CA certificate, in addition, impacts Ivanti Tunnel. For Ivanti Tunnel, the CA certificate must be manually uploaded to the device. To manually push the Standalone Sentry certificate to the device, follow the instructions in the Using a Self-signed certificate with Standalone Sentry and Ivanti Tunnel knowledge base article.

How to regenerate the Standalone Sentry self-signed certificate

To regenerate the Standalone Sentry certificates, enter the following CLI command in configuration mode:

certificate {portal}

Table 72.   Regenerating the Standalone Sentry self-signed certificate

Feature

Command

Regenerate Standalone Sentry self-signed portal certificate

certificate portal

To regenerate Standalone Sentry self-signed portal certificate, enter the following CLI command:

certificate portal

Example

config# certificate portal

Services will be disrupted.

Would you like to proceed? [y/n]:

If Standalone Sentry does not use a self-signed certificate

If Standalone Sentry does not use a self-signed certificate, then the certificate {portal | sentry} command will return the following message:

"Non Self-Signed Certificate in use. No Action performed"