Specifications
74 MDS Orbit MCR-4G Technical Manual MDS 05-6628A01, Rev. A
Certificate Renewal with SCEP
At some point your certificate will need to be renewed, either because its validity dates are running
out or because security policy requires it. A client certificate can be renewed using the existing
certificate with the same key that was used when it was originally generated. An alternative is to
provide a new key and identity for the certificate that is to be renewed and rekeyed.
The renewal request is the same as the original request, with a slight change in the parameters
provided. For this request, cert-key-name is always the key that will be used in the certificate that
you identify with cert-identification-name. The ‘self’ cert (cert-self-cert-name) and the optional
‘self’ key (cert-self-key-name) are, respectively, the existing certificate that will be renewed and
the key that was originally used when it was created.
When the renewed cert will use the same key, it is not necessary to also call out that key as the
self key. Here is a renewal request formed accordingly:
admin@(none) 02:03:49% request pki-scep-get-clientcert cert-server-name ex_scep_serv
cert-info-name ex_cert_info ca-issuer-name ex_ca_server cert-identification-name tst3 cert-key-name
ex_key_2 cert-self-cert-name ex_c_cert_2
is-valid true
[ok][2012-06-24 02:05:19]
[edit]
admin@(none) 02:05:19% exit
admin@(none) 02:13:51> show pki
KEY       KEY
IDENTITY  LENGTH  KEY DATE TIME
----------------------------------------
ex_key    2048    2012-06-20T10:46:59Z
ex_key_1  2048    2012-06-19T04:36:26Z
ex_key_2  2048    2012-06-19T10:57:10Z

CACERT IDENTITY
------------------
ex_ca_server
ex_ca_server_ENC
ex_ca_server_SGN

CERT
IDENTITY
-------------
ex_c_cert_2
tst3
admin@(none) 02:05:19%
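A pre-flight check for the renewal request described above, as an added example (not from the manual or the vendor): it parses a "show pki" listing and the request line, confirms that every named key, certificate and CA identity is present, and reports whether the request reuses the existing key or rekeys. The function names and the "same-key"/"rekey" labels are assumptions made for illustration; SHOW_PKI is a constructed copy of the listing above.

```python
# Added example, not vendor code. SHOW_PKI is a constructed copy of the listing above.
SHOW_PKI = """\
KEY       KEY
IDENTITY  LENGTH  KEY DATE TIME
----------------------------------------
ex_key    2048    2012-06-20T10:46:59Z
ex_key_1  2048    2012-06-19T04:36:26Z
ex_key_2  2048    2012-06-19T10:57:10Z
CACERT IDENTITY
------------------
ex_ca_server
CERT
IDENTITY
-------------
ex_c_cert_2
tst3
"""
SECTIONS = {"KEY": "keys", "CACERT": "cacerts", "CERT": "certs"}

def parse_show_pki(text):
    """Collect the identity names listed under each table of the listing."""
    inv = {name: set() for name in SECTIONS.values()}
    section, in_rows = None, False
    # Split every line into words and skip blank lines.
    for words in filter(None, map(str.split, text.splitlines())):
        if words[0] in SECTIONS:            # table title starts a new section
            section, in_rows = SECTIONS[words[0]], False
        elif set(words[0]) == {"-"}:        # dashed rule: data rows follow
            in_rows = True
        elif in_rows:                       # first column is the identity
            inv[section].add(words[0])
    return inv

def check_renewal(command, inv):
    """Return (mode, problems) for a pki-scep-get-clientcert renewal request."""
    args = command.split()
    args = args[args.index("pki-scep-get-clientcert") + 1:]
    p = dict(zip(args[0::2], args[1::2]))   # parameters come as name/value pairs
    key, self_key = p.get("cert-key-name"), p.get("cert-self-key-name")
    checks = {"cert-key-name": "keys", "cert-self-cert-name": "certs",
              "ca-issuer-name": "cacerts"}
    if self_key is not None:                # optional: omitted when the key is reused
        checks["cert-self-key-name"] = "keys"
    problems = [f"{name} {p.get(name)!r} not found in {kind}"
                for name, kind in checks.items() if p.get(name) not in inv[kind]]
    # Rekey only when a self key is named and differs from the new cert's key.
    mode = "rekey" if self_key and self_key != key else "same-key"
    return mode, problems
```

Calling check_renewal(request_line, parse_show_pki(SHOW_PKI)) with the first request above returns ("same-key", []); a request whose cert-key-name is missing from the listing comes back with a problem entry before anything is sent to the SCEP server.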
Here is an example of how to renew a cert with a new key and new cert name:
admin@(none) 05:16:58> request pki-scep-get-clientcert cert-server-name ex_scep_serv
cert-info-name ex_cert_info ca-issuer-name ex_ca_server cert-identification-name tst4 cert-key-name
ex_key_3 cert-self-cert-name tst3 cert-self-key-name ex_key_2
is-valid true
[ok][2012-06-24 05:17:32]
admin@(none) 05:17:32> show certmgr