Jun 28, 2010

CA Renewal and Distribution

So your tree has been up for coming up on 10 years... ever redone the CA? Then it's time.

In Novell land, the CA is the certificate authority, the place all certs come from. There are plenty of TIDs at Novell about changing out your CA for a new one, but not much on what to do afterwards. We hit a few snags when we redid ours, but the basic procedure goes something like this (we got this from Novell):

  1. Export the existing CA (you might need it if things go bad)
  2. Delete the existing CA
  3. Create a new CA; choose either maximum or 10 years (that way you don't have to do this again for a while)
  4. Export that to a new cert and save it as rootcert.der

Go to your eDirectory master (if you have more than one, the one holding the most MASTER replicas) and do the following:

  1. copy rootcert.der to sys:\public (rename the existing one first)
  2. ap2webdn
  3. tc4stop or tc5stop (depending on which one you are running)
  4. tckeygen
  5. java -exit
  6. ap2webup
  7. tomcat4 or tomcat5 (depending on which one you are running)
  8. unload nldap
  9. pkidiag
  10. options 4, 5 and then 0
  11. nldap
  12. reboot

At every step, check the logger screen for errors.
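A check for the export and copy steps, added here and not part of the original post or of Novell's tooling: a stdlib-only Python script that reads a DER certificate such as rootcert.der and reports its validity window, so you can confirm the copy in sys:\public is the new CA and see how long it has left. The sample certificate in the block is constructed by hand (empty issuer, subject and key fields) and is not an eDirectory export.

```python
# Added check (not from the original post): validity window of a DER X.509 cert.
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(seq):                        # [(tag, value), ...] of a SEQUENCE body
    out, pos = [], 0
    while pos < len(seq):
        tag, val, pos = _tlv(seq, pos)
        out.append((tag, val))
    return out

def _asn1_time(tag, val):                  # 0x17 = UTCTime, 0x18 = GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(val.decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def cert_validity(der):
    """Return (notBefore, notAfter) of a DER-encoded X.509 certificate."""
    _, cert, _ = _tlv(der, 0)              # Certificate ::= SEQUENCE
    _, tbs, _ = _tlv(cert, 0)              # tbsCertificate ::= SEQUENCE
    fields = _children(tbs)
    if fields[0][0] == 0xA0:               # skip optional [0] EXPLICIT version
        fields = fields[1:]
    (t1, nb), (t2, na) = _children(fields[3][1])[:2]  # serial, sigAlg, issuer, validity
    return _asn1_time(t1, nb), _asn1_time(t2, na)

def lifetime_report(der, now):
    """Days left on the CA as of `now`; flag it when under a year remains."""
    nb, na = cert_validity(der)
    days_left = (na - now).days
    return {"not_before": nb, "not_after": na, "days_left": days_left,
            "renew_soon": days_left < 365}

def _der(tag, body):                       # short-form DER encoder for the sample
    return bytes([tag, len(body)]) + body

def sample_cert():
    """Constructed stand-in for rootcert.der: a 10-year CA valid 2010-07-01 to
    2020-07-01. Issuer, subject and key are left empty; only the layout matters."""
    validity = _der(0x30, _der(0x17, b"100701000000Z") + _der(0x17, b"200701000000Z"))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"")
               + _der(0x30, b"") + validity + _der(0x30, b"") + _der(0x30, b""))
    return _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
```

To run it against a real export, read the file with `open("rootcert.der", "rb").read()` and pass that to `lifetime_report` with the current UTC time.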