Without the cert ahead of time, they can validate that the message is intact, but not who actually generated it.
2) Where are these certificates located in the Director?
[Versa]
/var/versa/vnms/data/certs
admin@Director-Snehal-VSA:.../data/certs$ ls -ltr | grep sso
-rw-rw---- 1 versa versa 916 Oct 9 10:31 vnms_sso_private.key
-rw-rw---- 1 versa versa 1074 Oct 9 10:31 vnms_sso_public.crt
[Administrator@Director: ~] $ keytool -printcert -file /var/versa/vnms/data/certs/vnms_sso_public.crt
Owner: L=Santa Clara, ST=California, C=US, OU=VersaDirector, O=versa-networks, CN=AZR-VD01
Issuer: L=Santa Clara, ST=California, C=US, OU=VersaDirector, O=versa-networks, CN=AZR-VD01
Serial number: 123456789098765
Valid from: Tue Jan 11 15:29:40 EDT 2022 until: Wed Jan 11 15:29:40 EDT 2023
6) How do I renew the certs on both Regular (Non-FIPS) and FIPS Director?
FIPS:
openssl req -newkey rsa:4096 -nodes \
-keyout /var/versa/vnms/data/certs/vnms_sso_private.key \
-x509 -days 1095 \
-out /var/versa/vnms/data/certs/vnms_sso_public.crt \
-subj "/CN=$(hostname -f)/O=versa-networks/OU=VersaDirector/C=US/ST=California/L=Santa Clara"
NON FIPS:
openssl req -newkey rsa:2048 -nodes \
-keyout /var/versa/vnms/data/certs/vnms_sso_private.key \
-x509 -days 1095 \
-out /var/versa/vnms/data/certs/vnms_sso_public.crt \
-subj "/CN=$(hostname -f)/O=versa-networks/OU=VersaDirector/C=US/ST=California/L=Santa Clara"
Replace the /var/versa/vnms/data/certs/vnms_sso_private.key and vnms_sso_public.crt