gured to begin minting certificates using the SHA-2 signature. After patching this is done by deleting the existing SHA-1 signed RootCA and recreating it with a SHA-2 based signature. Then the CA is configured to force servers to follow its signing algorithm whenever their certificates must created.
Below are the basic steps involved:
1. Upgrade eDirectory to 88SP8 Patch 6 & iManager to 2.7SP7 Patch 5
2. Install the new eDirectory and PKI plugins
3. Backup the existing CA
4. Create a Trusted Roots object from the CA's public key
5. Delete the RootCA
8. Recreate RootCA
9. Setup Certificate Server so that the signing algorithm of the RootCA is followed by the servers
10. Force a PKI health check to recreate the server certificates and export them to the file system
11. Refresh NLDAP
DETAILS:
Below are the basic steps involved:
1. Upgrade eDirectory to 88SP8 Patch 6 & iManager to 2.7SP7 Patch 5
2. Install the new eDirectory and PKI plugins
3. Backup the existing CA
4. Create a Trusted Roots object from the CA's public key
5. Delete the RootCA
8. Recreate RootCA
9. Setup Certificate Server so that the signing algorithm of the RootCA is followed by the servers
10. Force a PKI health check to recreate the server certificates and export them to the file system
11. Refresh NLDAP
DETAILS:
.png)
No comments:
Post a Comment