Modify CA in Certificate Manager
This article includes updates for CM 8.10.
This article describes how to change certain parameters of a Certificate Authority (CA) in Smart ID Certificate Manager (CM). The name of the CA can be modified and the CA can be closed or reactivated.
Furthermore, CM includes functionality to renew CA certificates without breaking the certification chain of already issued end user certificates. Renewed CA certificates must replace the existing ones in the trust stores of all third party client software, server software and devices. The serial number and signature of the renewed CA certificate will differ from the certificate it replaces. A later expiry date and a different signing algorithm can optionally be chosen at time of renewal. After renewal, the old certificate will not remain in the database.
This task is done in Administrator's workbench (AWB).
Prerequisites
The following prerequisites apply:
Two administration officers must sign the request.
Both officers must have the following roles:
Use AWB
CA and Key tasks
A connection to the CM host must have been established. See Connect to a Certificate Manager host.
Step-by-step instruction
Modify CA
In AWB, select the CA/SA to be modified, by highlighting it.
Select Modify from the Edit menu, the toolbar or the entity's short-cut menu.
In the Modify dialog:
To rename the CA/SA, enter a new name in Authority name.
To deactivate or reactivate a CA/SA, select a new State.
To renew a CA/SA, enter the new Expiration date, optionally select a new Signature algorithm and check Renew authority certificate.
Modify the following parameters:
the name that appears in the explorer bar of the AWB window
change State to Active or Closed as required
change Domain and Visible in subdomain
When the required changes are complete, click OK and sign the request. See Sign tasks in Certificate Manager for more information.