ADSS Server enables the operator to re-key a CVCA or DVCA certificate as they are created on console. The CVCA and DVCA certificates are short lived, hence they are re-keyed frequently. When 'Enable Auto Rekey' is enabled for a certificate, it cannot be re-keyed manually. 

When a CVCA certificate is re-keyed either manually or automatically, it is distributed automatically to a SPOC registered as a client  at CVCA instance. It is usually the Domestic SPOC that will forward the re-keyed certificate to Foreign SPOCs and Domestic DVCAs. In case of automatic re-key, the relevant Local CVCA's certificate will also be replaced with new certificate. However, in case of manual re-key, the operator will have to change the Local CVCA's certificate manually.

To rekey a CVCA or DVCA certificate, navigate to the following screen: 

 Click on the 'Rekey Certificate' button, following screen will be displayed: 

The configuration items are as follows are as follows:

Items

Description

Certificate Alias

Displays the name (alias) of the selected certificate. The name has to be unique within the ADSS system.

New Key Alias

The operator will define a new key name (alias) in this field to re-key the certificate.

New Certificate Alias

The operator will define a new certificate name (alias) in this field to re-key the certificate.

The special characters &, <, > can not be used in Certificate Alias.


Crypto Profile

This field displays the crypto profile used for the selected certificate. By default the same Crypto Profile as the old key pair will also be shown, but operator can change it if it is required.

Key Algorithm

This field shows the key algorithm for the selected certificate. The key algorithm of the certificate cannot be changed.

Key Length

This field shows the key length for the selected certificate. By default the old key length will also be shown, but operator can change it if it is required. 

Description

This should be used to describe the key purpose in more detail (e.g. in which circumstances this key will be used and/or what sort of template the key is assigned, which applications use it etc). 


Clicking on the 'Rekey Certification' button will trigger the re-key process.


See also

Creating CV Certificates
Importing CV Certificates
Change Sequence Number Algorithm
Searching CV Certificates