How To Recover The Certificate Authority


A how-to on recovering the Certificate Authority for eDirectory.


All certificates that are already in the NDS tree will continue to function normally until they expire (the default is 2 years). Certificates require the CA server only when they are created. Every server in the NDS tree should also have the same NICISDI.KEY file installed, which means that every server can encrypt and decrypt NDS information such as user passwords.

CA server has crashed completely

If the server holding the CA has crashed completely and needs to be reinstalled into the tree, a new security domain server must first be designated for the tree.

The security domain server is stored in the attribute "NDSPKI:SD Key Server DN" of the object W0.KAP.SECURITY in the NDS tree. To designate a different server as the security domain server, change this attribute in Console1 to the full distinguished name of another reliable server.

Next, install the Certificate Server on another server (this can be the same server as the security domain server, but does not have to be). This is done as a product installation.

