The reissue flow is initiated from the agent using the setup command line argument. When an agent that is already registered uses the setup command line argument ep-agent.sh setup and fills in the required credentials, a new registerAgent command is sent to the server.
The server detects that the agent is already registered and sends the agent a new client certificate without creating another agent resource. On the agent side, the new client certificate replaces the old one. In cases where the server certificate is modified and you run the ep-agent.sh setup command, you will see a message that asks you to trust the new certificate. You can alternatively provide the new server certificate thumbprint in the agent.properties file prior to running the ep-agent.sh setup command, in order to make the process silent.
Manage agent privilege to revoke and update certificates.
If the agent detects that the server certificate has been modified, a message is displayed. Accept the new certificate if you trust it and it is valid.