This article is added for CM 8.10.
This article describes how to change certain parameters of a Signing Authority (SA) in Smart ID Certificate Manager (CM). The name of the SA can be modified and the SA can be closed or reactivated.
Furthermore, CM includes functionality to renew SA certificates without breaking the certification chain of already issued end user certificates. Renewed SA certificates must replace the existing ones in the trust stores of all third party client software, server software and devices. The serial number and signature of the renewed SA certificate will differ from the certificate it replaces. A later expiry date and a different signing algorithm can optionally be chosen at time of renewal. After renewal, the old certificate will not remain in the database.
This task is done in Administrator's workbench (AWB).
Prerequisites
The SA tasks require a specific license option.
The following task requires MSO signatures to be completed.
Both officers must have the following roles:
Use AWB
Signing Authority and SA Key tasks
A connection to the CM host must have been established. See Connect to a Certificate Manager host.
Step-by-step instruction
Modify SA
In AWB, select the CA/SA to be modified, by highlighting it. Select Modify from the Edit menu, the toolbar or the entity's short-cut menu. In the Modify dialog: To rename the CA/SA, enter a new name in Authority name. To deactivate or reactivate a CA/SA, select a new State. To renew a CA/SA, enter the new Expiration date, optionally select a new Signature algorithm and check Renew authority certificate. Modify the following parameters: the name that appears in the explorer bar of the AWB window change State to Active or Closed as required change Domain and Visible in subdomain When the required changes are complete, click OK and sign the request. See Sign tasks in Certificate Manager for more information.