...
If IDM has already been used with test certificates, the insecure certificates have probably been used. Object history entries and secrets were likely created with the demo keys, and any exported configurations may have been signed and encrypted with the demo keys too. In this case, the system must be bootstrapped again as described in this documentation. After the bootstrapping:
if any object history entries exist, they must be re-signed (using the batch_re-sign_history tool).
if any secrets exist in the DB, they need to be re-encrypted (using the batch_secretfieldstore_change_encryption_key tool), as described in Change Encryption key of secret field store.
any previously exported configuration’s signature won’t be verifiable.
any previously encrypted exported configuration won’t be readable.
Bootstrapping procedure
Identify requirements
...