You can assign a new key pair to an IBM® Domino® certifier
and roll over the current key pair.
Procedure
- In the Domino Administrator,
click .
- In the Generate New Certifier Key dialog
box, click Directory Server and specify a registration
server in the list box that appears.
- Click ID file. In the Choose
a Certifier ID dialog box, select the certifier ID file
for which you want to assign new keys.
- Use the default server or click Server to
specify a server.
Then select one of these options:
- Supply a certifier ID and password.
- Click Certifier ID if you want to use an
ID other that which is displayed.
- Otherwise, click OK, enter the password for the selected certifier
ID, and click OK.
- Use the CA Process. If you have
configured the Domino server-based
CA, select a CA configured certifier from the list and click OK.
- At this point, the options in the Generate New
Certifier Key dialog box change, depending on whether
you chose a top-level certifier ID or an intermediate one.
- If you chose a top-level certifier ID, the dialog box
shows the following information:
The selected certifier is a top-level certifier and will re-certify itself.
Click OK.
This generates the new key pair and adds it to the top-level certifier
ID.
- If you chose an intermediate-level certifier ID, the
dialog box shows the following information:
The selected certifier is not a top-level certifier and must be recertified by its parent certifier.
Click Certify
Using.
The Choose a Certifier dialog box
opens again. Follow the substeps from Step 3, this time to specify
the parent certifier for the target CA ID file.
Results
The new key pair is generated and added to the top-level
certifier ID.
If you chose to assign the keys directly to the
certifying certifier's ID file, rather than choosing to use the CA
process for key rollover, then key rollover happens immediately. However,
if the CA process is chosen, the rollover sequence does not occur
until the ID file of the CA being rolled over is opened to issue a
certificate. When that happens, the directory on the registration
server is searched for new certificates to be added to the certifier
ID file.