How to: Use NDE to renew an existing certificate in the Policy tree


Network Device Enrollment (NDE) allows renewing existing certificates. This article describes how to enable this option.


More info:

  1. Navigate to the Platforms tree
  2. Click on the Engine object (the name of the director server)
  3. Click on the Rules tab
  4. Enable the option 'Match x.509 subject to existing certificate object'
  5. Restart the IIS service


This will allow an NDE request to renew a certificate in the policy tree.  Keep in mind this has to match the full x.509 fields on the certificate, if it does not a new certificate with the mismatched fields will be created.


Note: The NDE rules are calculated for evaluation when the IIS service is started, therefore any changes made to the rules/configuration requires that the IIS service be restarted or the app pool must time out before these take effect.  The app pool will time out in about 15 minutes if nobody is using the web service.

Was this article helpful?
0 out of 0 found this helpful