On Wed, 2010-05-26 at 12:28 -0500, Angie Aguilar wrote: > Hi, > > I have a local installation of openca (with CA and RA), and I'm trying > to prove/enable the "renew certificate" option. I've been searching at > web for more info about it, but not results yet. > > Any help or documentation about it will be very appreciated. > We have a similar combination CA/RA setup and faced similar confusion. Here is what we placed into our internal documentation. Hope it helps - John
Renewing a CSR, e.g., the Zimbra CSRs since we do not do server side generation for those, can be a bit tricky. We cannot simply process the same CSR as a new request or it will generate a key conflict error. First, we must revoke the existing cert. This can be done from the CA in our shared database environment. We then must renew the CSR. This is the tricky part and is one of the few operations which must be done from the RA. Goto the RA interface. Go to Information / Certificate Requests / Archived and click on the serial number of the original request. Click on Renew Request. Make any edits if necessary. In our shared database environment, it is not necessary to approve the request. Return to the CA interface and go to CA Operations / Certificate Requests / Pending and click on the renewed request and process as normal. ------------------------------------------------------------------------------ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
