All of our SSL certs were generated 2 years ago and are about to expire. (The primary just did, kicking this venture off.) I used the java keytool to create a new SSL cert on our primary, restarted zenserver and it shows up fine. Did the same thing on the satellite, restarted xplatagent and even the whole server, and it still shows up with the old cert when I connect to https://testsatellite. I gave it the same name ("jetty") as the original, but it appears to be caching or storing it somewhere else. Can anyone point me to what I need to change? Should I use openssl to generate the pair, since keytool can't export the private key? The documentation is less than clear, the only reference I can find is to zac import-authentication-cert; I'm not sure if that's what I need or not.