I have a customer that is getting ready to deploy Universal Password for
an IDM3 implementation. The problem is that they have 56 bit keys in all
of their trees.

My question is, are there any risks with revoking and re-issuing the tree
keys? I know SDIDIAG makes it pretty much automatic, but is there
anything I need to do afterwards like run PKIDIAG on all of the servers to
re-issue certificates? Is there a backout procedure from this if
something goes wrong?

Any info is much appreciated.