12.1 Configuring SHA-2 Certificate

12.1.1 CA Server

  1. Apply the patch on the OES server that hosts the CA in the tree.

  2. Restart the eDirectory service.

    rcndsd restart

  3. Delete the existing CA in the tree and create a new CA that uses a SHA-2 signing algorithm. For more information, see TID 7016877, Configuring eDirectory to mint certificates with a SHA-2 signature.

  4. Restart the eDirectory service.

    Run the following command to recreate the eDirectory server certificates with the SHA-2 algorithm:

    rcndsd restart

  5. Reboot the server.

    IMPORTANT: Ensure that the eDirectory service is restarted before rebooting the server.

    All the OES services will now use the new eDirectory certificates.

12.1.2 Other Servers

  1. Apply the patch on the OES server.

  2. Restart the eDirectory service.

    Run the following command to recreate the eDirectory server certificates with the SHA-2 algorithm:

    rcndsd restart

  3. Reboot the server.

    IMPORTANT: Ensure that the eDirectory service is restarted before rebooting the server.

    All the OES services will now use the new eDirectory certificates.

12.1.3 Servers Running on eDirectory 8.8.7 or OES 11 SP1 or Earlier

If the tree contains OES servers running OES 11 SP1 or earlier, it is recommended that you delete the server certificates of each such server and create a new certificate with the same SHA-2 signing algorithm as the CA. The CA will be hosted on an OES 11 SP3 server in the tree.
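
To confirm that the certificates recreated in 12.1.1 through 12.1.3 carry a SHA-2 signature, a check such as the following can be run. It is an added example, not part of the OES documentation: it assumes the openssl command is installed and that the certificate is available as a PEM file or is presented on a TLS port (LDAPS on 636 is assumed as the default); the function names and sample text are constructed for illustration.

```shell
# Added example: confirm that a certificate is signed with a SHA-2 family hash.

# Map an OpenSSL signature-algorithm name to sha2 / legacy / unknown.
classify_sigalg() {
    case "$1" in
        sha224With*|sha256With*|sha384With*|sha512With*) echo sha2 ;;
        ecdsa-with-SHA224|ecdsa-with-SHA256|ecdsa-with-SHA384|ecdsa-with-SHA512) echo sha2 ;;
        md2With*|md5With*|sha1With*|ecdsa-with-SHA1|dsaWithSHA1) echo legacy ;;
        *) echo unknown ;;   # e.g. RSA-PSS, where the hash is printed on a separate line
    esac
}

# Read `openssl x509 -noout -text` output on stdin, print the first signature algorithm.
sigalg_from_text() {
    awk -F': *' '/Signature Algorithm:/ { sub(/[ \t\r]+$/, "", $2); print $2; exit }'
}

# Print "<label>: <algorithm> (<verdict>)"; succeed only for a SHA-2 signature.
report() {
    alg=$(sigalg_from_text)
    verdict=$(classify_sigalg "$alg")
    echo "$1: ${alg:-no certificate read} ($verdict)"
    [ "$verdict" = sha2 ]
}

# Check a PEM file exported from the tree (path supplied by the caller).
check_cert_file() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | report "$1"
}

# Check the certificate a TLS listener presents. Assumption: LDAPS on port 636.
check_endpoint() {
    openssl s_client -connect "$1:${2:-636}" </dev/null 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null | report "$1:${2:-636}"
}

# Constructed excerpt of `openssl x509 -text` output, not taken from a real server.
SAMPLE_OLD='Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=EXAMPLE-TREE, OU=Example CA'

# Usage: sh check_sha2.sh server.pem   or   sh check_sha2.sh oes-host.example.com 636
case "$#" in
    1) check_cert_file "$1" ;;
    2) check_endpoint "$1" "$2" ;;
esac
```

A server that still reports sha1WithRSAEncryption after the restart has not had its certificates recreated against the new CA.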