I have read quite a number of TIDs on how to recover from this situation, and I think I have the correct procedure in mind:

1) Delete exising CA object under Security container
2) Re-create CA object selecting a living host server
3) Run pkidiag, options 4,5,6 on all servers to re-key existing certs
4) Delete all old AG certs, since they will not be automatically recreated, and are not used


1) Will I need to do anything on my new CA to make it become CA, such as reinstall cert server/edir, unload/reload any modules, reboot?
2) Do I need to run tckeygen on all servers running Tomcat?
3) Is re-keying sufficient? Or will I need to delete all existing certs first, and then let pkidiag recreate?

Thanks if advance for any help provided.

My environment:

Netware 6.5 SP8 on nearly all servers, except for a few NW6 servers.
My only web-service is Groupwise 8 Webaccess and iManager.
50 servers.