Certificate import from a PFX file fails in the 8.11.2 console

Article ID: 421321

Products

Carbon Black App Control

Issue/Introduction

Updating the server certificate in the 8.11.2 web console using a .PFX file fails to apply the new certificate.

If using the scheduled option, the same old certificate is displayed as both the current and pending certificate.

The following messages may be displayed:

  • New certificate was successfully imported and applied. It will be applied in X minutes.
  • Error importing certificate: Certificate already exists.

Agents disconnect or go offline after the previous certificate expires.

Environment

App Control Server: 8.11.2

Cause

This issue is currently being investigated as part of engineering ticket CRE-22899.

Resolution

  1. Log in to the App Control Server system
  2. Open the local machine cert store (Certlm.msc)
  3. Navigate to Trusted People > Certificates > Verify that the new certificate is present
    • If not present > Import the Certificate using the .PFX file
  4. In the web console > go to System Configuration > Security tab > Scroll down to the "Trusted Communication Certificates" section > Verify the new certificate is present > Copy the thumbprint
    • If not present > Import the Certificate as DER encoded .CER file
  5. Go to https://AppCServer/Shepherd_config.php > ShowAllProps > Set it to: true > Change > Navigate away from the page
  6. Reopen https://AppCServer/Shepherd_config.php > SSLCertificateThumbprint > Update the thumbprint value using the thumbprint of the new certificate
  7. Open the Services console (services.msc) > Restart the App Control Server service.

Additional Information

If the displayed message is "Error importing certificate: Could not import cert from temp file", generate a new SSL certificate that includes a DNS entry matching the name of App Control as displayed in the web console (e.g. DNS=APPCSERVER.domain.com).
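
The certificate checks behind steps 2 to 4 and 6 of the Resolution, together with the DNS entry check above, can be done from an elevated PowerShell session on the App Control Server. This is an added example, not part of the original article or the product's tooling; the file paths and server name are placeholders, and the shepherd_config.php edits and the service restart are still done by hand as described in the steps.

```powershell
# Added example. Paths and server name are placeholders (assumptions), not values from the article.
$PfxPath    = 'C:\Temp\new-server-cert.pfx'       # new certificate, PFX with private key
$CerPath    = 'C:\Temp\new-server-cert.cer'       # DER .CER written for the step 4 fallback
$ServerName = 'APPCSERVER.domain.com'             # App Control name as shown in the web console
$Store      = 'Cert:\LocalMachine\TrustedPeople'  # "Trusted People" in Certlm.msc

$Password = Read-Host -Prompt 'PFX password' -AsSecureString

# Read the PFX without installing anything and pick the server (end-entity) certificate.
$leaf = (Get-PfxData -FilePath $PfxPath -Password $Password).EndEntityCertificates |
    Select-Object -First 1
if (-not $leaf) { throw "No end-entity certificate found in $PfxPath" }

# Additional Information check: the SAN must carry a DNS entry equal to the server name.
# The entry label is localized, so only the value after '=' is compared.
$san     = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($san) { $san.Format($false) } else { '' }
$pattern = '=\s*' + [regex]::Escape($ServerName) + '\s*(,|$)'
if ($sanText -notmatch $pattern) {
    Write-Warning "No SAN entry matches $ServerName (found: '$sanText')"
}
if ($leaf.NotAfter -lt (Get-Date)) { Write-Warning "Certificate expired on $($leaf.NotAfter)" }

# Step 3: confirm the certificate is in Trusted People; import it from the PFX if not.
$installed = Get-ChildItem -Path $Store | Where-Object Thumbprint -eq $leaf.Thumbprint |
    Select-Object -First 1
if (-not $installed) {
    Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $Store -Password $Password |
        Out-Null
    $installed = Get-ChildItem -Path $Store | Where-Object Thumbprint -eq $leaf.Thumbprint |
        Select-Object -First 1
}
if (-not $installed) { throw "Certificate $($leaf.Thumbprint) is still missing from $Store" }
# A server certificate is only usable if its private key came across with it.
if (-not $installed.HasPrivateKey) { Write-Warning 'Store copy has no private key' }

# Step 4 fallback: DER-encoded .CER for the "Trusted Communication Certificates" import.
Export-Certificate -Cert $installed -FilePath $CerPath -Type CERT | Out-Null

# Step 6: the value to enter as SSLCertificateThumbprint.
"Thumbprint: $($installed.Thumbprint)"
```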