How do I configure the automatic renewal of the PKI certificate?
Automatic renewal
Before a PKI certificate expires, you can configure the automatic generation of a new CMP key and use an enrollment protocol (for example, CMPv2 or EST) to obtain a new certificate from the CA.
Steps
1 |
Choose Administration→Security→NE PKI Authentication→PKI Certificate Authority Profiles from the NFM-P main menu. The PKI Certificate Authority Profiles form opens. |
2 |
Click Create. The Certificate Authority Profile (Create) form opens. |
3 |
Configure the required parameters. |
4 |
Click on the CMPv2 tab. |
5 |
Configure the required parameters and click OK. |
6 |
Choose Administration→Security→NE PKI Authentication→Certificate Update Profile. The Certificate Update Profile form opens. |
7 |
Click Create. The Certificate Update Profile, Global Policy (Create) form opens. |
8 |
Configure the required parameters. Select the certificate authority profile that you created in Step 3 and click OK. |
9 |
Choose Administration→Security→NE PKI Authentication→Certificate Auto Update Profile. The Certificate Auto Update Profile form opens. |
10 |
Click Create. The Certificate Auto Update Profile, Global Policy (Create) form opens. |
11 |
Configure the required parameters. Select the certificate update profile that you created in step Step 8 and click OK. |
12 |
Update and execute the admin certificate:
|
13 |
Close the forms. End of steps |