Read the instructions here on how to use certutil: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
Basically, you need to run certutil with the -R option to generate a CSR, which you then send to your CA, and make sure you specify the same information as your existing certificate.
eg: certutil -R -s "CN=myserver.com" -o cert-request-file-myserver.csr -d <dir containing db files> -a -g 2048
Once you receive your certificate, you can use the -A option to import the new one. Renewal does not work in the old version of the web server so you will need to reconfigure your web server to use the new certificate instead of your old one once it is imported.
eg: certutil -A -n myserver -t "p,p,p" -d <dir containing db files> -a -i certificate.pem
In the examples above, don't I need to pass the certificate key to certutil as a parameter when creating the request and installing the new certificate, or am I misunderstanding?
Also, after the new cert is installed, are there any configuration changes we have to make in order to authenticate clients using their certificates? We're using Sun One 6.1.
Thanks in advance.