Environment
Novell Certificate Server (PKIS) 3.1.1
Novell eDirectory 8.8 for All Platforms
Novell iManager 2.6
Situation
Prior to Novell Certificate Server 3.1 and eDirectory 8.8 there was only one utility to recreate a server's default certificates, PKIDIAG. This utility was only available for the NetWare platform.
Resolution
This functionality has now been made available for all platfroms by including the certificate re-creation during the PKI health check and within iManager.
iManager:
Using the Novell Certificate Server plugin version 3.1.20060109 or higher you now have a task called Create Default Certificates under the Novell Certificate Server role for certificate re-creation.
PKI Health Check:
PKI's health check function can be triggered by either resetting the server, stopping and restarting eDirectory services or running an eDirectory repair. The repair must be run either in unattended mode or as a local repair while selecting to lock the database.
When the PKI health check is run on a server that server will recreate its own certificates as well as update the expiration times of all certificates in its home context (where its NCP server object resides). If there are other servers and their certificate objects in this context the health check will update these server's certificates as well. It does not matter whether or not this server actually holds a replica containing its home organization or organizational unit.
iManager:
Using the Novell Certificate Server plugin version 3.1.20060109 or higher you now have a task called Create Default Certificates under the Novell Certificate Server role for certificate re-creation.
PKI Health Check:
PKI's health check function can be triggered by either resetting the server, stopping and restarting eDirectory services or running an eDirectory repair. The repair must be run either in unattended mode or as a local repair while selecting to lock the database.
When the PKI health check is run on a server that server will recreate its own certificates as well as update the expiration times of all certificates in its home context (where its NCP server object resides). If there are other servers and their certificate objects in this context the health check will update these server's certificates as well. It does not matter whether or not this server actually holds a replica containing its home organization or organizational unit.