Resetting the internal certification authority of the SMC server

The internal certification authority of the SMC server issues and manages certificates attached to connecting packages. These certificates make it possible to connect, authenticate and identify SNS firewalls that connect to the server.

When a new connecting package is generated for a firewall that the SMC server already knows, the certification authority will revoke certificates that were attached to earlier connecting packages once the firewall with the new package connects. Likewise, when a firewall is deleted from the SMC server, all certificates attached to the various connecting packages generated for this firewall will be revoked.

This internal certification authority can be reset whenever necessary.

EXAMPLE
If you want to switch from a pre-production environment to a production environment, you may need to reset the certification authority because the two environments have different security constraints.

To reset the internal certification authority:

  1. Log in to the SMC server via the console of your hypervisor or over SSH.
  2. Enter the command smc-reset-ca.
  3. After the script is run, SNS firewalls that were connected to the SMC server will be disconnected. Generate new connecting packages for each firewall and install them.