Previous Topic: Create Custom Machine SearchesNext Topic: Deploy the New Key Store and Revocation List

Platform Deployment GuideAdvanced Encryption ModeHow Do I Replace Enterprise Certificates?Update the Key Store and Revocation List

Update the Key Store and Revocation List

Generate the replacement Key Store and Revocation List.

  1. From a command prompt on your designated secure server, change to the \AdvancedEncryption folder.
  2. Run GenerateKeyStore.bat.
  3. When prompted, enter the root certificate passphrase.

    The batch file now generates keystore.dat and revocation.properties and saves these files in the \AdvancedEncryption\output subfolder on your secure server.

    The serial number for the enterprise certificate is incremented by 1. The certificate is saved in the new Key Store file, keystore.dat.

    The old serial number for the enterprise certificate is appended to the Revocation List in revocation.properties.

    The new enterprise certificate is saved as server<n+1>.crt, where <n> is the number used by the most recent certificate file. It is saved in the \AdvancedEncryption\persist subfolder on your secure server. For example, if the \perist folder already contains server1.crt and server2.crt, the newest replacement certificate will be saved as server3.crt.

More information:

Folders Used By Certificate Scripts