While renewing a certificate, its status is stuck on Replacement in Progress

Article ID: 275362

Products

IT Management Suite

Issue/Introduction

The customer was trying to renew the Gateway certificate (under Settings > All Settings > Notification Server > Certificate Management) that the gateway uses for NS Reporting. After clicking the "Renew" button, the status stayed at "Replacement in progress".

Environment

ITMS 8.6, 8.7

Cause

The "replacing" status should clear as soon as the Internet Gateway (IG) can report its inventory to the NS, specifying that the new certificate is in use.

Resolution

Go to the Internet Gateway:

  1. Open the Symantec Management Platform Internet Gateway Manager
  2. Under the Servers tab, remove and re-add the SMP Server to the list
  3. After the SMP server has been added back, make sure "Status Report" is "Enabled"

 

Note:

If, while trying to "Enable" Status Report in the Servers tab, you get a message like this in the gateway logs:

Web exception occurred while getting status report certificate - The underlying connection was closed: An unexpected error occurred on a receive..

Check whether the SMP server certificate is valid. Just below the error message above, you should see a log entry like this one:

Trying to enable status reporting for server 'https://<SMPSERVER>.example.com:4726'...

If you click the link, it tries to reach the SMP Server. If there is a problem with the certificate, you can click to view the certificate properties and confirm whether it is valid.
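The same check can be done from a PowerShell prompt on the gateway host. This is an added example, not code from the vendor or the product: the function name Get-SmpServerCertificate is hypothetical, the host name is the placeholder from the log line above, and port 4726 is taken from that same log line.

```powershell
# Added example (not vendor code). Get-SmpServerCertificate is a hypothetical helper name.
function Get-SmpServerCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,  # SMP server FQDN as added on the Servers tab
        [int]$Port = 4726                         # port shown in the gateway log line above
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate for this one handshake so that an expired or
        # untrusted certificate can still be retrieved and examined.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }

    # Validate against this machine's trust stores, as the gateway host sees them.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($cert)
    # 2.5.29.17 is the Subject Alternative Name extension.
    $san     = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $now     = Get-Date

    [pscustomobject]@{
        Subject         = $cert.Subject
        SubjectAltNames = if ($san) { $san.Format($false) } else { '(none)' }
        Issuer          = $cert.Issuer
        Thumbprint      = $cert.Thumbprint
        NotBefore       = $cert.NotBefore
        NotAfter        = $cert.NotAfter
        WithinValidity  = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ChainTrusted    = $trusted
        ChainStatus     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Usage (replace the placeholder host name with your SMP server):
# Get-SmpServerCertificate -HostName '<SMPSERVER>.example.com' | Format-List
```

The Thumbprint value shows whether the server is presenting the renewed certificate or the old one, and ChainStatus names the reason when ChainTrusted is False.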

If removing and re-adding the SMP Server from the Servers tab in the Gateway UI does not clear an old SMP server certificate reference, remove it manually:

  1. Remove the SMP Server from the Servers list on the Gateway
  2. Stop the gateway service for a moment
  3. Then, look for the old SMP server cert in MMC and delete it
  4. After that, go to ...\Program Files\Symantec\SMP Internet Gateway, open the file called "allowed_certs.txt", and see if the old SMP server cert is listed there. If so, delete the line for it.
  5. Then, go to ...\Program Files\Symantec\SMP Internet Gateway\certs, open the "server" cert, and see if it is the old SMP server cert. If so, move it out of this folder and keep it somewhere else in the meantime.
  6. Also, check under ...\Program Files\Symantec\SMP Internet Gateway\clients for any reference to the old SMP server cert
  7. Restart gateway service.
  8. Add the SMP server again and try to enable reporting.