Requesting a host key rollover

If a TLS host key pair is compromised or you want to change the key type or key size, request a key rollover.


  1. Open certstore.nsf and then open the appropriate TLS Credentials document.
  2. In the Request key rollover field, select the reason you are requesting the rollover from the list presented See Key rollover options.
  3. Click Submit Request.


The rollover request is submitted immediately. The new key pair is generated based on key type and key size configured in the TLS Credentials document.

If you change the key type or key size and do not select Request key rollover, the key type or key size change is made at the next certificate renewal.