Previous Topic: Update the Key Store and Revocation ListNext Topic: iConsole Deployment

Platform Deployment GuideAdvanced Encryption ModeHow Do I Replace Enterprise Certificates?Deploy the New Key Store and Revocation List

Deploy the New Key Store and Revocation List

Deploy the updated Key Store and Revocation List. You must follow the steps below to enable your CA Data Protection enterprise to continue with minimal disruption during the certificate deployment.

Important! Do not try to optimize the following procedure. For example, do not try to combine steps 2 and 6. The procedure below is explicitly designed to minimize the steps needed to replace certificates on your client machines while retaining a functioning CA Data Protection enterprise.

  1. Distribute keystore.dat to the CA Data Protection \data folder on the CMS only. Then restart the CA Data Protection infrastructure service on the CMS, or reboot the server.
  2. Distribute keystore.dat to the CA Data Protection \data folder on all gateway servers. Then restart the CA Data Protection infrastructure service on each server, or reboot them.
  3. In the Administration console, run the 'All servers with out-of-date Key Store' custom search.

    When you can confirm that the CMS and all gateway servers have the new Key Store (that is, when this search returns zero results), continue to the next step.

  4. Distribute keystore.dat and revocation.properties to the CA Data Protection \data folder on all client machines. Then restart the CA Data Protection infrastructure service on each machine, or reboot them.
  5. In the Administration console, run 'All client machines with out-of-date Key Store' custom search.

    When you can confirm that all client machines have the new Key Store, continue to the next step.

  6. Distribute revocation.properties to the CA Data Protection \data folder on the CMS and all gateway servers. Then restart the CA Data Protection infrastructure service.
  7. Finally, in the Administration console run the 'All machines with out-of-date Revocation List' custom search to confirm that the CMS and all CA Data Protection gateway servers and client machines have the new list.