Previous Topic: Secure the Critical Advanced Encryption FilesNext Topic: Create Custom Machine Searches

Platform Deployment GuideAdvanced Encryption ModeHow Do I Replace Enterprise Certificates?

How Do I Replace Enterprise Certificates?

Because every CA DataMinder machine has copies of the same enterprise certificate, if the enterprise private key is compromised then the security of any data transfer is at risk. As a security precaution, and as with any PKI, we therefore recommend that you periodically replace the enterprise certificate. The CA DataMinder scheme has been designed to make this as simple as possible.

The main steps are:

  1. Create three machine searches for use in the CA DataMinder Administration console. You will use these searches to monitor progress across your CA DataMinder enterprise when you update your enterprise certificate.
  2. Update the Key Store and Revocation List. You will do this on your secure server using the CA-supplied script, GenerateKeyStore.bat.
  3. Deploy the new Key Store and Revocation List. This is a multi-step procedure designed to minimize disruption to your CA DataMinder enterprise.