To reinitialize grid integrity

  1. Using the Configuration Manager, export the application settings of all applications with password properties. Otherwise, password properties cannot be decrypted correctly after reinitialization.
  2. Stop the grid and all grid hosts.
  3. Create a new grid root certificate.
  4. For each grid host, reissue the host server certificates for inter-grid communication.
  5. For each grid host, reissue the symmetric key used for encryption of password properties.
  6. For each grid host, reissue the client certificate of the bootstrap service. To do this:
    1. Find the physical name of the host it belongs to. Open the Configuration Manager -> Grid Configuration -> Manage Hosts page. This page shows a table with all the grid hosts. The physical name of the host is the name the host was given when it was first added to the grid. This is either the name displayed in the "Host" column of the table, or (if the host has been renamed) the name that is displayed when hovering over the "Host" column for the relevant host.
    2. Generate a client certificate with client name "Bootstrap_[physical host name]". See Managing SSL client certificates in the Configuration Manager. The keystore must be of type ".ks". The certificate must have the grid-admin role.
    3. Save the keystore as client.ks to the installation/secure folder.
    4. Save the keystore password as client.pw to the installation/secure folder.
  7. Reissue all client certificates used to connect to the grid, such as those for ION Desk and users.
  8. Reissue all host SSL keystores where there are only grid-signed SSL certificates.
  9. For any SSL keystores that contain certificates signed by external certificate authorities, import the grid root certificate into that keystore with the alias of gridName_cert.
  10. Restart all services.
  11. Import any application settings that were exported in the first step.
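
A post-procedure check for step 6, added here as an example and not part of the product or its documentation: it audits one host's secure folder for client.ks and client.pw and flags files that are missing, empty, or older than the reinitialization time (a sign the old bootstrap certificate was left in place). The function names, the reinitialization timestamp parameter and the file-permission check are assumptions of this example; the permission check is an added hardening check that the procedure itself does not state.

```python
import os
import stat
import tempfile
from pathlib import Path

# File names required by steps 6.3 and 6.4 of the procedure.
REQUIRED = ("client.ks", "client.pw")


def audit_secure_folder(secure_dir, reinit_epoch):
    """Return findings for one host's secure folder; an empty list means OK.

    reinit_epoch (assumption): Unix time at which the new grid root
    certificate was created in step 3.
    """
    findings = []
    for name in REQUIRED:
        path = Path(secure_dir) / name
        if not path.is_file():
            findings.append(f"{name}: missing")
            continue
        st = path.stat()
        if st.st_size == 0:
            findings.append(f"{name}: empty")
        if st.st_mtime < reinit_epoch:
            findings.append(f"{name}: older than reinitialization, not reissued")
        # Added hardening check (not from the procedure); POSIX hosts only.
        if os.name == "posix" and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{name}: accessible to group/other")
    return findings


def demo():
    """Constructed sample: a stale keystore and a world-readable password file."""
    with tempfile.TemporaryDirectory() as d:
        ks, pw = Path(d, "client.ks"), Path(d, "client.pw")
        ks.write_bytes(b"constructed-keystore-bytes")
        pw.write_text("constructed-password")
        os.chmod(ks, 0o600)
        os.chmod(pw, 0o644)
        reinit = 2_000_000_000  # constructed reinitialization time
        os.utime(ks, (reinit - 3600, reinit - 3600))  # predates the new root
        os.utime(pw, (reinit + 60, reinit + 60))      # written afterwards
        return audit_secure_folder(d, reinit)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Modification time is only a heuristic: a file copied with preserved timestamps can look stale or fresh regardless of which root signed it, so treat a clean result as a prompt to confirm the certificate chain in the Configuration Manager.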