Honored Contributor.

Recreating organizational CA


A few months back, I retired an outdated server from my dev environment. It was only much later that I remembered this was the server that housed the organizational CA.  Questions:

1. Is it possible and/or advisable to spin up the server from the last backup, re-add it to eDirectory, then migrate the CA?

2. If this is not possible, can I just use iManager to...

   a. delete the current CA object

   b. create a new CA

   c. recreate all server certificates, LDAP, and remote-loader certs

?

 

Thanks

 


Accepted Solutions
Knowledge Partner

What has your CA signed?

Server SSL certs for LDAP?  Anything else?

External stuff?

IDM Remote Loader SSL certs?

If nothing else external, just delete the old CA, make a new one, and recreate the Default certs on all the servers (and refresh LDAP config).

 

Honored Contributor.
The only external stuff is an AD remote loader cert. I'll do as you suggest. Thanks.


Knowledge Partner

If you can bring the box / VM up OFFLINE (e.g. in some sort of "Nirvana portgroup") you can export the tree CA to pfx and restore it to the new CA server. Rough outline:

- bring the old box up OFFLINE, connect via iManager, export the CA

- delete the CA in the production tree

- create a new CA on a server of your choice; while doing so, select the option to import from file

 

 

If you like it: like it.