Nexus Certificate Manager
Nexus Certificate Manager
Breadcrumbs

Task 2 - Change to another existing CA in Certificate Manager

This task is performed during system key administration in  Smart ID Certificate Manager (CM). For information regarding when to do this task, see  Decide what action to take .

Prerequisites

Change to another existing CA

  1. Define a new certificate procedure according to Create certificate procedure in Certificate Manager  or modify the existing certificate procedure. 
    Use the following parameters:

    1. Key usage - clear all check boxes

    2. Issuing CA - The CA chosen for the new certificates (or that created in Task 1 )

    3. Certificate format - select the "server certificate" format

    4. Set the Certificate validity and Signature algorithm parameters as required.
      Note:It is not normally necessary to select distribution rules for these certificates.

  2. If you have created a new certificate procedure and if software tokens are to be used, define a new soft token procedure according to  Create token procedure in Certificate Manager .
    Use the following parameters:

    1. Storage profile - select "PKCS#12"

    2. PIN procedure - select "By registration authority"

    3. Issuer certificates - select "Do not store any"

    4. Certificate procedures - select the certificate procedure created in the previous step

  3. If you have created a new certificate procedure and if hardware tokens are to be used, define a new PKCS#10 token procedure according to  Create token procedure in Certificate Manager
    Use the following parameters:

    1. Storage profile - select "PKCS#10"

    2. Certificate procedures - select the certificate procedure created in the previous step

  4. When the certificate and token procedures for the new system keys exist, continue with the actions in  Task 3 and/or Task 4 .

If the replaced CA was used to issue officer certificates, new officer certificates must be issued using the new CA.