Hi,

sorry, I am not a specialist of certificates, this product and this language- but I do my very best
We are using the Version 9.2.3 with one beacon and one application server.
Now the old SSL certificate on the beacon expired AND we got a new SSL certificate from another issuer (old certificate = VeriSign, new certificate = Symantec).

Since the certificate expired, new server with a fresh installation of the agent got the attached errors if they want to download the packages from the beacon.

[[09.10.2017 14:22:39 (Y, 0)] {1840} Set symbol “MainCmdLine” to value “"C:\Program Files (x86)\ManageSoft\Launcher\ndlaunch.exe" -r $(DownloadRootURL)/Policies/Merged/hermes.COMPANY_domain/Machine/wndetstpepapp02.npl -o PkgType=Policy -o InstallProfile=Public -o UserInteractionLevel=Quiet”
[09.10.2017 14:22:39 (Y, 0)] {1840} Set symbol “PkgType” to value “Policy”
[09.10.2017 14:22:39 (Y, 0)] {1840} Set symbol “InstallProfile” to value “Public”
[09.10.2017 14:22:39 (Y, 0)] {1840} Set symbol “UserInteractionLevel” to value “Quiet”
[09.10.2017 14:22:39 (G, 1)] {1840} Base URL “https://flexera-prod-ib01.COMPANY/ManageSoftDL/” will be used
[09.10.2017 14:22:40 (N, 1)] {1840} Bandwidth to flexera-prod-ib01.COMPANY measured as 23648000*bps which is sufficient for Flexera Inventory Manager to download packages
[09.10.2017 14:22:40 (N, 0)] {1840} Downloading “https://flexera-prod-ib01.COMPANY/Ma...epapp02.npl” to “C:\Windows\TEMP\NDL30937.npl”
[09.10.2017 14:24:21 (G, 0)] {1840} Download failure: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
[09.10.2017 14:24:21 (N, 0)] {1840} Download FAILED for “https://flexera-prod-ib01.COMPANY/Ma...epapp02.npl”
[09.10.2017 14:24:21 (N, 0)] {1840} Downloading “https://flexera-prod-ib01.COMPANY/Ma...epapp02.npl” to “C:\Windows\TEMP\NDL30937.npl”
[09.10.2017 14:26:01 (G, 0)] {1840} Download failure: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
[09.10.2017 14:26:01 (U, 0)] {1840} ERROR: Error (s107m858)
[09.10.2017 14:26:01 (U, 0)] {1840} ----------------
[09.10.2017 14:26:01 (U, 0)] {1840} The following network error occurred while retrieving the application:

A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Contact your network administrator for assistance.

[09.10.2017 14:26:01 (N, 0)] {1840} Download FAILED for “https://flexera-prod-ib01.COMPANY/Ma...epapp02.npl”
[09.10.2017 14:26:01 (U, 0)] {1840} QUERY: Cannot download file
[09.10.2017 14:26:01 (U, 0)] {1840} ----------------
[09.10.2017 14:26:01 (U, 0)] {1840} The download was interrupted while retrieving file
"wndetstpepapp02.npl"

Do you wish Flexera Inventory Manager to attempt to retrieve the file again?
[09.10.2017 14:26:01 (U, 0)] {1840} ----------------
[09.10.2017 14:26:01 (U, 0)] {1840} RESPONSE: Cancel

[09.10.2017 14:26:01 (G, 0)] {1840} Program exited with code 1
The start of the inventory beacon software fails too with the error "Download failed .... Could not establish trust relationship for the SSL/TLS secure channel...."

So, if we replace the old certificate with the new one, the "old" servers (connected once with the old SSL certificate) still trust the new certificate?
What is "best practise" in this case?

Thanks for help in advance!

Matthias