Home > Key Manager > Service Keys > Creating Certificates > Rekey CSCA Certificates

Rekey CSCA Certificates

ADSS Server enables the operator to re-key a CSCA certificate as they are created on console. It must be noted that when the checkbox 'Enable Auto Rekey is checked during the creation of a certificate, it cannot be re-keyed manually. 

To rekey a CSCA certificate, navigate to the following screen: 

 Click on the 'Rekey Certificate' button, following screen will be displayed: 



The configuration items are as follows:

Item Description
Certificate Alias
Displays the name (alias) of the selected certificate. 
New Key Alias In case of rekey a new key-pair will be generated so define a new key name (alias) in this field for the new pair.
New Certificate Alias The operator will define a new certificate name (alias) in this field to re-key the certificate.


The special characters
 &, <, > can not be used in Certificate Alias.
Crypto Profile
This field displays the crypto profile used for the selected certificate. By default the same Crypto Profile as the old key pair will be shown selected, but operator can change it if it is required.
Key Algorithm
This field shows the key algorithm for the selected certificate. The key algorithm of the certificate cannot be changed.
Key Length This field shows the key length for the selected certificate. By default the same Key Length will also be shown, but operator can change it to a new length. 
Distinguish Name
By default, same Distinguish Name will be shown that was entered for old certificate. The operator can change the values if Name Change extension is enabled for the CSCA certificate in the relevant certificate template. However, Country cannot be changed even if Name Change extension is enabled.   

The special characters  
&, <, > can not be used in Certificate Common Name

Multilingual characters are supported in Subject Distinguished Name RDNs except Email RDN
Subject Alternative Name (SAN)
Provide the subject alternative name if you wish to add SAN extension in the certificate. You can add as many SANs as required by clicking the + button. rfc822Name, dNSName, iPAddress, directoryName and otherName as subject alternative name can be configured. 

Note: SAN extension must be enabled in the required certificate template in order to add these values in the certificate. If SAN extensions are not enabled in the template then the values provided in the field(s) will be discarded.
CDP Address Enter the required CDP extension value in the CDP Address field. 


Clicking on the
 'Rekey Certification' button will trigger the re-key process.

See also

Creating CSR/Certificates
Importing Certificates
Exporting Keys/ Certificates
Searching Certificates