ADSS Server enables the operator to re-key CSCA certificates created on the console. Note that if the 'Enable Auto Rekey' checkbox was checked when a certificate was created, that certificate cannot be re-keyed manually.

To rekey a CSCA certificate, navigate to the following screen: 

Click on the 'Rekey Certificate' button. The following screen will be displayed:



The configuration items are as follows:

Items

Description

Certificate Alias

Displays the name (alias) of the selected certificate. 

New Key Alias

A re-key generates a new key pair, so define a name (alias) for the new key pair in this field.

New Certificate Alias

The operator defines the name (alias) of the new, re-keyed certificate in this field.

The special characters &, <, > cannot be used in the Certificate Alias.

Crypto Profile

This field displays the crypto profile used for the selected certificate. By default, the Crypto Profile of the old key pair is selected, but the operator can change it if required.

Key Algorithm

This field shows the key algorithm for the selected certificate. The key algorithm of the certificate cannot be changed.

Key Length

This field shows the key length for the selected certificate. By default, the same Key Length is shown, but the operator can change it to a new length.

Distinguished Name

By default, the Distinguished Name that was entered for the old certificate is shown. The operator can change the values if the Name Change extension is enabled for the CSCA certificate in the relevant certificate template. However, Country cannot be changed even if the Name Change extension is enabled.

The special characters &, <, > cannot be used in the Certificate Common Name.

Multilingual characters are supported in Subject Distinguished Name RDNs except Email RDN.

Subject Alternative Name (SAN)

Provide the subject alternative name if you wish to add the SAN extension to the certificate. You can add as many SANs as required by clicking the + button. The SAN types that can be configured are rfc822Name, dNSName, iPAddress, directoryName and otherName.

Note: SAN extension must be enabled in the required certificate template in order to add these values in the certificate. If SAN extensions are not enabled in the template then the values provided in the field(s) will be discarded.

CDP Address

Enter the required CDP extension value in the CDP Address field. 


Clicking on the 'Rekey Certification' button will trigger the re-key process.
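
The field rules above (a new key pair is generated, the key algorithm cannot be changed, the Country cannot be changed) can be checked after a re-key by comparing the old and new certificates. The following script is an added example, not part of ADSS Server: it assumes both certificates have been exported as PEM files and that the `openssl` command-line tool is available, and its function names and sample subjects are hypothetical.

```shell
#!/bin/sh
# Added example: compare a CSCA certificate with its re-keyed successor.
# Function names, file names and sample subjects are constructed assumptions.

# Print the Country (C) RDN of the subject of a PEM certificate.
cert_country() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^C=//p'
}

# Print the public key algorithm name (for example rsaEncryption).
cert_key_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Print the certificate's public key in PEM form.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# check_rekey OLD.pem NEW.pem: return 0 only when all three checks pass.
check_rekey() {
    rc=0
    if [ "$(cert_country "$1")" != "$(cert_country "$2")" ]; then
        echo "FAIL: Country changed"; rc=1
    fi
    if [ "$(cert_key_alg "$1")" != "$(cert_key_alg "$2")" ]; then
        echo "FAIL: key algorithm changed"; rc=1
    fi
    if [ "$(cert_pubkey "$1")" = "$(cert_pubkey "$2")" ]; then
        echo "FAIL: public key was not replaced"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: re-key checks passed"
    return "$rc"
}

# make_sample_cert OUT.pem SUBJECT KEYSPEC: constructed self-signed test
# certificate (sample input only, not a real CSCA certificate).
make_sample_cert() {
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$1.cnf"
    openssl req -x509 -config "$1.cnf" -newkey "$3" -nodes -days 1 \
        -subj "$2" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Usage: sh rekey_check.sh old.pem new.pem
if [ "$#" -eq 2 ]; then check_rekey "$1" "$2"; fi
```

A changed key length or Common Name does not fail the check, since the page allows both to change during a re-key.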


See also

Creating CSR/Certificates
Importing Certificates
Exporting Keys/ Certificates
Searching Certificates
Rekey CSCA Certificates