Previous Topic: Basic Host Identity Certificate for Signing the Compressed ChecklistsNext Topic: How DCS Works

Configuring Asset ManagementCollection ModulesDevice Compliance Scanner (DCS)Checklists Bundled with This ReleaseRedistribute the Checklists When the Certificate Changes

Redistribute the Checklists When the Certificate Changes

If the basic host identity certificate changes after the checklist has been signed and distributed, the verification of the signature on the agent will fail and the configured DCS inventory module will not run. To resolve this problem, alter the version of the checklist so that it will be redistributed with a newly generated signature to the scalability server and the Asset Management agent computer.

To redistribute the checklists when the certificate changes

  1. Open the checklist_xccdf.xml file on the domain manager and locate the <version> tag.
  2. Change the version number to enable the redistribution of the checklist.

    Note: Specify an earlier version number as this reduces the chances of a version number conflict when a new checklist is released.

  3. Save the XCCDF file.
  4. Open the DSM Explorer and run the Default SCAP Checklist Processing Job so that the modified checklist is compressed and signed.

    The checklist is now ready for redistribution to the scalability server.