You cannot re-send an “old” certreq.arm to the CA (for example: Verisign, Thawte, Entrust, and so on) or re-import/receive the “old” certificate issued by the CA into iKeyman for renewal. Neither of these methods will work, and neither is supported.

  1. Start the iKeyman graphical interface.
  2. Open the existing KeyFile (.kdb) that contains the certificate.
  3. Click on the “old” certificate in the Personal Certificates section of the KeyFile and then click on the Recreate request button to the right of the screen. This will bring up a window asking you to provide a name for the request. The default of certreq.arm is fine. Save the file to the hard drive (preferably in the same directory as the old request file).
    Note: Do not delete the “old” certificate.
  4. Send the “new” certreq.arm to your CA.
  5. After receiving the “renewal” certificate from the CA, click on the Receive button to the right of the screen and browse to the directory where you have stored the “renewal” certificate.
  6. Highlight the “renewal” certificate and click Open and then click OK. You should then see the following message:
    A renewal certificate was found, Do you want to update the existing certificate?

  7. Select Yes.
  8. Your “renewal” certificate should be successfully added to your (.kdb) file.
  9. Close the iKeyman utility and restart the IBM HTTP Server for the changes to take effect.
    Caution: Some certificate authorities add strings to the user's requested Distinguished Name, but will not accept renewal requests that already contain the added strings. One such example is an addition to the OU field of: “OU = Member, VeriSign Trust Network”. If the renewal request is rejected due to the presence of the CA's additions in the request, create a new certificate request manually instead of using the “recreate certificate request” function of iKeyman.
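One way to check a recreated certreq.arm for the CA-added strings described in the caution before sending it, as an added example (not IBM's code): it reads the subject out of the PEM request with a small DER walker and lists attributes that were not in the DN you originally asked for. The function names, the www.example.com DN and the truncated sample request are constructed for illustration, and attribute values are assumed to be UTF-8 or ASCII strings.

```python
import base64

ATTRS = {3: "CN", 6: "C", 7: "L", 8: "ST", 10: "O", 11: "OU"}  # X.520 OIDs 2.5.4.N

def read_tlv(buf, pos):
    """Return (value, next_pos) for the DER element starting at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):  # yield the content bytes of each packed DER element
        val, pos = read_tlv(value, pos)
        yield val

def csr_subject(pem):
    """Return [(attribute, value), ...] from a PEM PKCS#10 request such as certreq.arm."""
    b64 = "".join(line for line in pem.splitlines() if not line.startswith("-----"))
    info = next(children(next(children(base64.b64decode(b64)))))  # CertificationRequestInfo
    name = list(children(info))[1]  # subject Name follows the version INTEGER
    subject = []
    for rdn in children(name):  # each RDN is a SET of AttributeTypeAndValue SEQUENCEs
        for atv in children(rdn):
            oid, val = children(atv)
            short = ATTRS.get(oid[2]) if oid[:2] == b"\x55\x04" and len(oid) == 3 else None
            subject.append((short or oid.hex(), val.decode("utf-8", "replace")))
    return subject

def ca_added(request_subject, requested_subject):
    """Attributes in the recreated request that were not in the DN the user asked for."""
    return [rdn for rdn in request_subject if rdn not in requested_subject]

def _tlv(tag, value):  # minimal DER encoder (short lengths only) for the sample below
    return bytes([tag, len(value)]) + value

def sample_request(subject):
    """Constructed sample: version and subject only, no public key or signature."""
    name = b"".join(_tlv(0x31, _tlv(0x30, _tlv(0x06, bytes([0x55, 0x04, n]))
                                          + _tlv(0x0C, v.encode()))) for n, v in subject)
    der = _tlv(0x30, _tlv(0x30, _tlv(0x02, b"\x00") + _tlv(0x30, name)))
    return ("-----BEGIN NEW CERTIFICATE REQUEST-----\n" + base64.b64encode(der).decode()
            + "\n-----END NEW CERTIFICATE REQUEST-----\n")

REQUESTED = [("CN", "www.example.com")]  # DN originally asked for (constructed)
RECREATED = sample_request([(3, "www.example.com"), (11, "Member, VeriSign Trust Network")])
print("not in the requested DN:", ca_added(csr_subject(RECREATED), REQUESTED))
```

If the returned list is not empty, the recreated request carries strings the CA added, which is the case where the caution says to create a new request manually.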

taken from IBM support
