In this self help discussion, I will explain how much downtime required for specific application service, when a new certificate is mapped and applied to SmartZone services.
User/admin query?
How much time a service will take to come back, when a new certificate is mapped with SZ services?
Customer is renewing controller's wildcard CA cert as it is expiring soon (new cert has same domain name so just validity will change). They want to know below details to make sure there is no or minimum service impact:
Customer general FAQ with answers
1. What will be the service impact for each service and end clients which are already connected or may connect during service cert change.
Answer:
Notes:
- No impact to existing clients but client connecting during the service restart may face issues on captive portal/guest SSIDs.
- Admins using the SZ GUI may get certificate error or may not at all able to access SZ UI during service restart (web is one of the services which will restart, post applying the new certificate).
2. How much time it will take for service to come to normal after changing all 4 certs to service mapping and hit OK?
Answer:
Certificate update/install will restart subscriber mgmt, NBI and Web services. Customer can upload all these certificate at once and you can assume roughly 15 minutes (max) of downtime for services to recover
3. Do we need downtime if there is possibility for client disconnection or service impact?
Answer:
Usually no downtime required for client connection but to avoid captive portal certificate errors, its better to update certificate during a maintenance window so that users will not wonder why they are getting certificate error.
4. How to check service status?
Answer:
Go to SZ CLI >> Enable mode >> run "show service"
Got additional questions or need help? Start the conversation!
