Deploying Certificate Manager's Renewed Ca Signing Certificate; Deploying Registration Manager's Renewed Signing Certificate - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Renewing Certificates for the Subsystems
• If you installed a renewed transport certificate for a Data Recovery Manager,
see section "Deploying Data Recovery Manager's Renewed Transport
Certificate" on page 499.
• If you installed a renewed SSL server certificate, see section "Deploying a
Subsystem's Renewed SSL Server Certificate" on page 501.
For all certificates, make sure the that CA-chain verification takes place smoothly.
For example, if you requested the certificate from a different CA, be sure to import
a CA certificate into the certificate database of the subsystem using the Certificate
Setup Wizard. For instructions, see "Using the Wizard to Install a Certificate or
Certificate Chain" on page 471. After you install the CA certificate, you can follow
the instructions in see "Changing the Trust Settings of a CA Certificate" on
page 505 to trust the CA certificate you imported.

Deploying Certificate Manager's Renewed CA Signing Certificate

If you renewed a CA signing certificate, deploy it in the PKI environment that
depends on this certificate for validation. For example, you'll need to add the
renewed CA certificate to the certificate databases of clients that trust this CA.
Similarly, if you have configured the Certificate Manager to publish CRLs to a
Online Certificate Status Manager, you will need to identify the Certificate
Manager to the Online Certificate Status Manager again. For details, see "Step 3.
Identify the CA to the OCSP Responder" on page 711.
You might also need to get a new agent certificate. For instructions, see the
procedure outlined in "Deploying Certificate Manager's CA Signing Certificate"
on page 490.
It is beyond the scope of this book to explain how you should deploy the new CA
certificate. You may find it useful to go over some of the deployment issues
discussed in the document available at this URL:
http://help.netscape.com/kb/corporate/19980710-25.html

Deploying Registration Manager's Renewed Signing Certificate

Here's what you must do:
Install the renewed signing certificate in the subsystem's certificate database.
1.
Because the Registration Manager uses its signing certificate for SSL client
authentication to the subsystems, you must add the renewed signing certificate
to the internal database of all subsystems that have been configured to receive
requests from the Registration Manager.
498 Netscape Certificate Management System Installation and Setup Guide • October 2001