Task 2 - Change to another existing CA in Certificate Manager
This task is performed during system key administration in Smart ID Certificate Manager (CM). For information regarding when to do this task, see Decide what action to take.
Change to another existing CA
- Define a new certificate procedure according to Create certificate procedure in Certificate Manager or modify the existing certificate procedure.
Use the following parameters:- Key usage - clear all check boxes
- Issuing CA - The CA chosen for the new certificates (or that created in Task 1)
- Certificate format - select the "server certificate" format
Set the Certificate validity and Signature algorithm parameters as required.
It is not normally necessary to select distribution rules for these certificates.
If you have created a new certificate procedure and if software tokens are to be used, define a new soft token procedure according to Create token procedure in Certificate Manager.
Use the following parameters:- Storage profile - select "PKCS#12"
- PIN procedure - select "By registration authority"
- Issuer certificates - select "Do not store any"
- Certificate procedures - select the certificate procedure created in the previous step
- If you have created a new certificate procedure and if hardware tokens are to be used, define a new PKCS#10 token procedure according to Create token procedure in Certificate Manager.
Use the following parameters:Storage profile - select "PKCS#10"
Certificate procedures - select the certificate procedure created in the previous step
When the certificate and token procedures for the new system keys exist, continue with the actions in Task 3 and/or Task 4.
If the replaced CA was used to issue officer certificates, new officer certificates must be issued using the new CA.