Changing Ports And Ip Addresses - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual

CA Certificate Renewal or Reissuance
When a CA signing certificate expires, all certificates signed with the CA's
corresponding signing key become invalid. End entities use information in the CA
certificate to verify the certificate's authenticity. If the CA certificate itself has
expired, applications cannot chain the certificate to a trusted CA.
There are two ways of dealing with CA certificate expiration:
• Renewing a CA certificate involves issuing a new CA certificate with the same
subject name and public and private key material as the old CA certificate, but
with an extended validity period. As long as the new CA certificate is
distributed to all users well before the old CA certificate expires, this approach
allows certificates issued under the old CA certificate to continue working for
the full duration of their validity periods.
• Reissuing a CA certificate involves issuing a new CA certificate with a new
name, public and private key material, and validity period. This approach
avoids some of the problems associated with renewing a CA certificate, but it
requires more work for both administrators and users to implement. All
certificates issued by the old CA, including those that have not yet expired,
must be renewed by the new CA.
There are advantages and disadvantages to each approach. Correct use of
extensions, for example the
the transition from an old CA certificate to a new one. You should begin planning
for CA renewal or reissuance before you install any CMS managers; consider any
ramifications your planned procedures may have for extensions, policies, and
other aspects of your initial PKI deployment.

Changing Ports and IP Addresses

You set up the ports for each of the interfaces when you install the Certificate
Manager. You can change the ports that any of the interfaces listen on, and you can
remove the HTTP (non-SSL) end-entity port if you will not use it. For information
on changing ports, see "Ports," on page 285. For information about the ports that
are setup with a Certificate Manager, see "Certificate Manager Interfaces," on page
89.
You can also change the IP address for the CMS instance. You might do this if you
have more than one IP address set up on your machine and want separate
instances of CMS to use different IP addresses. You cannot do this during
installation; you can only change this setting after installation. See "Changing an IP
Addresses," on page 289 for details.
authorityKeyIdentifier
Configuring the Certificate Manager
extension, can also affect
Chapter 3 Certificate Manager 115