My eDirectory Certificate Authority is due to expire in April so I guess
I need to replace it - what a pain! The question is what is the best
way to do this? I mainly use the CA for issuing server certificates
for LDAPS, IDM and so on, so it's no big deal re-generating the
certificates. What I am not sure about is the procedure. Do I delete
the current CA object first, and then create a new one, or do I create
the new one and then delete the old one (can you even have two CAs)?
Also, if I delete the CA, will the associated default certificates be
deleted automatically or do I need to delete them manually?

My initial plan:
1) Export current CA, just in case
2) Delete current CA
3) Delete default certificates. I am not sure about this step:-
- are they deleted automatically
- do they not need deleting, or will they be overwritten by step
- what will happen to services using these certificates if they are
4) Create new CA
5) Create default certificates - if not already done so in step 4
6) Create new server certificates
7) Restart services using the certificates e.g. LDAP, HTTPSTKD

Is there a TID for this? I could not find one.

I am running eDirectory 8.8 SP5 on SLES 10 SP2.

Any advice would be welcome.
Steve Tennant
