Modifying a server-based CA

After you migrate or create a certifier, you can modify it through the certifier ICL or through the certifier document in the Domino® Directory. How you open a certifier to modify it affects the number and type of changes you can make.

About this task

Only CA administrators can modify a server-based CA. A CA administrator must have Editor access to the Domino® Directory in order to modify a certifier.

To modify a certifier through the ICL

Procedure

  1. Shut down the CA process used by the certifier that you want to modify. At the server console, type:
    tell ca quit
  2. From the Domino® Administrator, click Configuration.
  3. On the Tools pane, choose Certification > Modify Certifier.
  4. Select the server that hosts the CA you want to modify, if necessary
  5. Select the certifier to recover by doing one of the following:
    • Select the certifier document from the Domino® Directory.
    • Select the certifier ICL database.
      Note: If the certifier is protected with a lock ID, you must unlock it in order to modify it.
  6. In the Certifier dialog box, modify the certifier as needed. You can change these features:
    • Method for activating the certifier ID
    • CAs and RAs, and roles of current entries
    • CRL distribution point extension (Internet certifiers only)
    • Enable or disable backdating of certificate
    • Certificate duration
    • Certificate key usage (Internet certifiers only)
    • CRL publication and duration (Internet certifiers only)
  7. Click OK.
  8. The time period in which the Administration Requests database processes CA requests will vary. If you want to hasten the process, at the console enter:
    tell adminp process all
    tell ca refresh

    And then enter the following to see if the certifier has been modified:

    tell ca stat

What to do next

For detailed information on these options, see the topic Creating a certifier for a server-based CA.

To modify a certifier through the Certifier document

About this task

Each time you create or update a certifier ID for an organization or organizational unit, a Certifier document is created and stored in the Domino® Directory. For Notes® certifiers, the Certifier document contains a record of the certifier ID. For Notes® and Internet certifiers, the Certifier document is a record of the certificates associated with the Certifier document. A certificate is a unique electronic stamp that identifies users or servers.

To modify a Certifier document, you must have Editor access to the Domino® Directory. Full-access administrators and administrators have this access by default; however, be sure that all certificate authority (CA) administrators also have this access.

Procedure

  1. From the Administrator, click Configuration.
    Note: If the certifier is protected with a lock ID, you must unlock it in order to modify it.
    • On the Basics tab, you can modify certifier name and issuer.
    • Click Modify CA configuration to change CAA and RA associations.
  2. Click Save and Close.