How do I configure the automatic renewal of the PKI certificate?

Automatic renewal

Before a PKI certificate expires, you can configure the automatic generation of a new CMP key and use an enrollment protocol (for example, CMPv2 or EST) to obtain a new certificate from the CA.

Steps
 

Choose Administration→Security→NE PKI Authentication→PKI Certificate Authority Profiles from the NFM-P main menu. The PKI Certificate Authority Profiles form opens.


Click Create. The Certificate Authority Profile (Create) form opens.


Configure the required parameters.


Click on the CMPv2 tab.


Configure the required parameters and click OK.


Choose Administration→Security→NE PKI Authentication→Certificate Update Profile. The Certificate Update Profile form opens.


Click Create. The Certificate Update Profile, Global Policy (Create) form opens.


Configure the required parameters. Select the certificate authority profile that you created in Step 3 and click OK.


Choose Administration→Security→NE PKI Authentication→Certificate Auto Update Profile. The Certificate Auto Update Profile form opens.


10 

Click Create. The Certificate Auto Update Profile, Global Policy (Create) form opens.


11 

Configure the required parameters. Select the certificate update profile that you created in step Step 8 and click OK.


12 

Update and execute the admin certificate:

  1. Choose Administration→Security→NE PKI Authentication→Site Public Key Infrastructure from the NFM-P main menu. The Site Public Key Infrastructure form opens.

  2. Choose an NE in the list and click OK. The Site Security Public Key Infrastructure (Edit) form opens.

  3. Configure the required parameters.

  4. Choose Admin Certificate→Update certificate. The Admin Certificate Update Certificate form opens.

  5. Configure the certificate auto update profile that you created in Step 8.

  6. Click Execute.


13 

Close the forms.

End of steps