Automatic update of Root Certificate

Efkan YILMAZ, 3 years 5 months ago

I have a customer using PEAP on MC9090 and MC9190 units. They are using a golden image that has their Fusion profile defined and a root certificate stored in \Application\RootCerts. Once the devices get deployed the customer is asking how they can update the root certificate automatically (i.e. when it expires or when they need to refresh it). Does anyone have a customer that has done this? I thought we could send the new root certificate down to \Application\RootCerts via an MDM and have it perform some type of reboot to reprocess the certificate import. However, I was told that this may cause duplicate root certificates with the same name. Any best practices on how to automatically push and import a new root certificate would be appreciated.

Thanks,
Ken


2 Replies

Allan Herrod

Ken, Fusion accesses the root certificate by name, so if you replace the old certificate with a new certificate of the same name, then Fusion will use the new certificate the next time it needs to connect. If the validity window for the new certificate overlaps the validity window for the old certificate, then all should be fine, assuming of course that you deploy the new certificate before the old one expires. You can use MSP to do this. From MSP 4.0 onwards, the ability to detect when a certificate is going to expire and acquire and redeploy a new one automatically has been supported. This might also be possible with other MDMs. The key thing is to make sure that the old certificate is removed as part of the installation of the new certificate. If this is not done, Fusion may use the wrong one and connectivity will be lost once the old certificate expires even though the new certificate is present. If there is only one certificate of the given name, then Fusion will of necessity use that one.

Allan
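The rollover rules in the reply above (same file name, overlapping validity windows, deploy before the old root expires, remove the old file as part of installing the new one so no duplicate names remain) as a preflight check an MDM operator could run before pushing the file. This is an added example, not code from the thread, MSP or Fusion; it assumes the certificates' name and validity dates have already been extracted into plain values, and the file names and dates are constructed.

```python
from datetime import datetime
from typing import List, NamedTuple, Tuple

class RootCert(NamedTuple):
    name: str             # file name under \Application\RootCerts; Fusion keys on this
    not_before: datetime
    not_after: datetime

def check_rollover(store: List[RootCert], new: RootCert, deploy_at: datetime) -> List[str]:
    """Reasons this rollover would break connectivity (empty list means safe)."""
    problems = []
    same_name = [c for c in store if c.name == new.name]
    if len(same_name) > 1:
        problems.append(f"{len(same_name)} files already named {new.name}; Fusion may pick the wrong one")
    if not (new.not_before <= deploy_at < new.not_after):
        problems.append("new certificate is not valid at deploy time")
    for old in same_name:
        if old.not_after <= deploy_at:
            problems.append("old certificate already expired; devices are already offline")
        if new.not_before > old.not_after:
            problems.append("validity windows do not overlap; there would be a gap with no usable root")
    return problems

def plan_rollover(store: List[RootCert], new: RootCert, deploy_at: datetime) -> List[Tuple[str, str]]:
    """Ordered MDM actions: remove every same-named file, then install the new one,
    so the folder never holds two roots with the same name."""
    problems = check_rollover(store, new, deploy_at)
    if problems:
        raise ValueError("; ".join(problems))
    actions = [("remove", c.name) for c in store if c.name == new.name]
    actions.append(("install", new.name))
    return actions

def apply_rollover(store: List[RootCert], new: RootCert) -> List[RootCert]:
    """Folder contents after the plan runs: same-named files gone, new root present."""
    return [c for c in store if c.name != new.name] + [new]

def expiring_within(store: List[RootCert], now: datetime, lead_days: int = 30) -> List[str]:
    """Names of roots expiring within lead_days: rollovers that should be scheduled now."""
    return [c.name for c in store if 0 <= (c.not_after - now).days < lead_days]

# Constructed sample data; file names and dates are illustrative, not from the thread.
OLD_ROOT = RootCert("customer-root.cer", datetime(2010, 1, 1), datetime(2013, 12, 31))
NEW_ROOT = RootCert("customer-root.cer", datetime(2013, 6, 1), datetime(2023, 6, 1))
STORE = [OLD_ROOT, RootCert("other-ca.cer", datetime(2012, 1, 1), datetime(2020, 1, 1))]
DEPLOY_AT = datetime(2013, 9, 1)      # inside the overlap of both validity windows
LATE_DEPLOY = datetime(2014, 1, 15)   # after the old root expired
NEAR_EXPIRY = datetime(2013, 12, 10)  # 21 days before the old root expires
```

Running `plan_rollover(STORE, NEW_ROOT, DEPLOY_AT)` yields a remove followed by an install for the same file name, while the same call with `LATE_DEPLOY` refuses because the old root has already expired.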

Efkan YILMAZ

Thanks Allan. So if we replace the current certificate file in \Application\RootCerts with one of the same name (using an MDM like Athena), how do we get Fusion to reprocess the certs in this folder so the new one is used? I don't think having the device reprocess CPY and REG files will do this, correct? Is there a way to force Fusion to reprocess certificates in \Application\RootCerts?
