Hello, as Igor already said SMA 8.5 RU4 and the latest RU3 PF do not set friendly name to the certificates anymore but I'm wondering what kind of problems SMA friendly name caused to other software? Friendly name is not a part of certificate itself it is just a name added locally on the machine, local user can easily change it to whatever he/she likes. SMA does not care if friendly name was changed for any certificates it installed. If some software depends on the friendly name then it can be easily broken.
Pre RU4 SMA set friendly name for certificates it installs only if those certificates have not been installed on the machine before. If a certificate was on the machine, the name would not be changed. We assumed since admin decided to redistribute some certificates using SMA profiles, then they "kind of" belong to us and we can set the friendly name.
If you redistribute certificates using some other method (AD for example) then you can remove these certificates from SMA profiles. SMA simply needs certificates to be presented on the machine when it makes https connections.
Original Message:
Sent: 07-14-2020 03:09 AM
From: Rufus Swart
Subject: SMP communication profile changes CA cert friendly name
Hi,
Our customer has distributed their internal root CA & enterprise CA certs with the agent communication profiles when they setup SSL originally on 8.0, now since they upgraded on some servers the root CA friendly name is changed and causes an issue with other software referencing the same cert.
Has anyone seen this issue and is it needed to include the internal root CA & enterprise CA certs? if not can we safely remove the cert from the communication profile and our of the cert manager on the NS?
Thanks,
Rufus
Cert name as seen in MMC:
------------------------------
ProServe Consulting
------------------------------