Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

This article is added for CM 8.10. 

This article describes how to change certain parameters of a Signing Authority (SA) in Smart ID Certificate Manager (CM). The name of the SA can be modified and the SA can be closed or reactivated.

Furthermore, CM includes functionality to renew SA certificates without breaking the certification chain of already issued end user certificates. Renewed SA certificates must replace the existing ones in the trust stores of all third party client software, server software and devices. The serial number and signature of the renewed SA certificate will differ from the certificate it replaces. A later expiry date and a different signing algorithm can optionally be chosen at time of renewal. After renewal, the old certificate will not remain in the database.

This task is done in Administrator's workbench (AWB).

Prerequisites

The SA tasks require a specific license option.

The following task requires MSO signatures to be completed.

  • Both officers must have the following roles:

    • Use AWB

    • Signing Authority and SA Key tasks

A connection to the CM host must have been established. See Connect to a Certificate Manager host.

Step-by-step instruction

Modify SA

  1. In AWB, select the CA/SA to be modified, by highlighting it.

  2. Select Modify from the Edit menu, the toolbar or the entity's short-cut menu.

  3. In the Modify dialog:

    1. To rename the CA/SA, enter a new name in Authority name.

    2. To deactivate or reactivate a CA/SA, select a new State.

  4. To renew a CA/SA, enter the new Expiration date, optionally select a new Signature algorithm and check Renew authority certificate.

  5. Modify the following parameters:

    1. the name that appears in the explorer bar of the AWB window

    2. change State to Active or Closed as required

    3. change Domain and Visible in subdomain

  6. When the required changes are complete, click OK and sign the request. See Sign tasks in Certificate Manager for more information.

Related information


  • No labels