DNS/DHCP Server always has a single current certificate and the ability to revert to the factory installed certificate.
In certain situations, for example with Crossover High Availability (xHA), DNS/DHCP Server may create a new certificate and replace the factory-set certificate on both the server and client. If these certificates continue to match, you can deploy new configurations. However, if the certificates become mismatched, you may have to reset the appliance certificate to its factory-set value (the certificate that shipped with your appliance).
To reset the deployment certificate:
- Remove the .ks file from the keystores directory on the client workstation. If you don't remove the .ks file first, an error message (No trusted certificate) appears when you try to deploy your configuration.
- Log in to the Address Manager Administration Console as the administrator. For more information on default login credential for Address Manager, refer to BlueCat default login credentials (you must be authenticated to view this topic).
- From Main Session mode, type configure system and press ENTER.
- Type set deployment-certificate default and press ENTER. The deployment certificate is immediately reset to its default value.