Step 9: Generate New Certificate System Server Certificates
If the Certificate System 7.3 server is on a different machine than the Certificate Management
System 6.x server, then an SSL server certificate associated with each newly-migrated
Certificate System server instance must be created.
There are three procedures to generate new server certificates, depending on the subsystem:
generating self-signed CA server certificates; generating a CA certificate request which is
signed by another CA; and generating DRM, OCSP, or TKS server certificates.
1. Self-Signing an SSL Server Certificate for a CA
1. Open the Certificate System 7.3 CA directory. For example:
cd /var/lib/rhpki-ca
2. Open the CA Console.
3. Select the Configuration tab.
4. Select the System Keys and Certificates option from the menu on the left.
5. Select the Local Certificates tab on the right.
6. Press the Add/Renew button to launch the Certificate Setup Wizard.
7. Follow the wizard prompts, and fill in the appropriate information.
a. In the Type of Operation panel, select the Request a certificate option (the default).
b. In the Certificate Selection panel, select SSL Server Certificate from the pull-down
Choose the Sign this SSL Certificate with my CA Signing Certificate option (the
default). The SSL server certificate is automatically generated at the end of the process.
c. In the Key-Pair Information for the SSL Server Certificate panel, select Create new
key pair.
Fill in information in the other fields on this panel as necessary.
d. Select the desired hashing algorithm or use the default of SHA-1 in the Message Digest