Has anyone moved the tree CA to an OES2018sp1 machine yet? In my test env. I'm attempting this. I install a 2018sp1 box into an existing 2015sp1 (edir 8.8x) tree. The schema is updated in the existing tree with the first 2018sp1 server installed (according to the oes2018 install doc.). There are a new set of EC384 certs along with the std. SHA256 certs, that are introduced with edir 9X. According to MF they are not used for anything yet but will be in the future. The tid I started with is 3618399. When you move (export cert from 2015), these EC certs are not created when recreating the CA. If you just delete and recreate the CA, the certs are created, but there are problems with the CRL (found you have to delete the old CRL container to get this to work), this comes up after you re-issue the server certs. From Imanager 3x on 2018, the function repair and or create default certs, the function errors and fails to create the certs on a 2015sp1 machine. When I use the ndsconfig upgrade, it creates the certs fine on both versions, but do to the code, the certs are recreated on the 2015 machines as SHA1 (may have to reissue manually). If I just create a server cert from imanager 3.x, the cert creates fine and is issued as SHA256, only the defaults are created SHA1.

Was wondering if anyone else has attempted this. I want to make sure that these are created (the EC certs) so down the line, when they are needed for a service, they're there and ready.

Thanks for any insight, I do have an SR open on this. Seems to be a low priority..... In place upgrade is not an option. Using all VM's for testing.