Assigning a new key pair to a certifier
You can assign a new key pair to an HCL Domino® certifier and roll over the current key pair.
Procedure
- In the Domino® Administrator, click .
- In the Generate New Certifier Key dialog box, click Directory Server and specify a registration server in the list box that appears.
- Click ID file. In the Choose a Certifier ID dialog box, select the certifier ID file for which you want to assign new keys.
- At this point, the options in the Generate New Certifier Key dialog box change, depending on whether you chose a top-level certifier ID or an intermediate one.
The Choose a Certifier dialog box opens again. Follow the substeps from Step 3, this time to specify the parent certifier for the target CA ID file.
Results
The new key pair is generated and added to the top-level certifier ID.
If you chose to assign the keys directly to the certifying certifier's ID file rather than use the CA process for key rollover, key rollover happens immediately. If you chose the CA process, the rollover sequence does not occur until the ID file of the CA being rolled over is opened to issue a certificate. At that point, the directory on the registration server is searched for new certificates to add to the certifier ID file.