search
Ctrlk
RoadmapFrends

Updating Agent Certificates

How to maintain TLS/SSL certificates on Agents.

Agent certificates have an expiration date and they need to be updated regularly. Certificates are used to allow using HTTPS connectivity for your APIs and Triggers, meaning they are crucial to keep your Frends running as expected.

hashtag
Requirements

Certificate updates are performed automatically for Frends Cloud Agents, and do not require any action for the customer or users of your Frends Tenant.

In order to perform the certificate update for self-hosted Agents, administrator permissions are required for both the Frends Tenant and the servers hosting the Agents.

hashtag
How to update the Certificate

The update process for certificates consists of two parts, updating the existing or installing a new certificate on the Agent machine, and then providing information about the new certificate for Frends in the Control Panel.

hashtag
Updating certificate for the Agent

For PaaS Agents the update is automatic and doesn't require any action.

For self-hosted Agents the update needs to be done manually. You can see when the certificate is about to expire from Frends Control Panel. There will be a warning in the notification area / bell icon, next to the "Help" button, and clicking it will show information about which Agents' certificate is about to expire.

Notification about expiring certificates.

First, you need to add the new certificate to an Agent's Local Machine Personal Store. It is also advised to add the certificate to Trusted Root Storage so the Frends Agent will trust it.

After you have added the new certificate to the Agent you need to add the new certificate's thumbprint to Frends. This can be done from an Agent's settings at the Environments View. You can change the thumbprint used for the Agent's certificate and then save the changes.

Certificate thumbprint is added in Agent settings.

hashtag
Reinstallation of Agent

After saving the changes the Agent Service needs to be reinstalled to take the new certificate into use.

You can do this by downloading the new installer package and running it in the Agent. Similarly to updating Agents, it is advised to pause and then stop the Agent Service before re-installing the Agent to avoid starting new Processes in the Agent.

After Agent re-installation the Agent will use the new certificate with Frends. The warning about certificate expiration should have vanished.

After updating the certificate, you should monitor Processes using a HTTP or API Trigger to ensure that they are working as expected.

PreviousConfiguring SSL Certificates for Frends AgentNextHow to set up High Availability configuration

Last updated

Was this helpful?