Thanks. It worked. Btw, the profile name is caAdminCert for default PKI Administrator user (caadmin).
Here are the steps I followed to renew default PKI Administrator user:
1. Disable the caAdminCert profile via the agent interface (caadmin uses Security Domain Administrator Certificate Enrollment profile)
2. Change the validity default parameter constraint for caAdminCert profile via PKIconsole
3. Enable the caAdminCert profile via the agent interface
4. Submit the certificate renewal request using 'Self-renew user SSL client certificates' option via End Users interface
- Mahendra
From: Nalinda Herath <nali.mrt@gmail.com>
Date: Monday, March 30, 2015 at 1:13 AM
To: "Jain, Mahendra" <majain@verisign.com>
Cc: "pki-users@redhat.com" <pki-users@redhat.com>
Subject: Re: [Pki-users] Renew PKI Administrator (caadmin) certificate
For issuing the CA admin certificate, CA uses the dual-use user certificate profile. First disable that profile via the agent interface and login to the PKIconsole. Go to the causerCert profile (I can't remember the exact name) and change the validity default parameter constraint.
To renew, by default it should be within the renewal grace period.
On Mon, Mar 30, 2015 at 7:11 AM, Jain, Mahendra <Majain@verisign.com> wrote:
Correction: I meant, How can it be renewed for more than 2 years (say 5 years)?
From: "Jain, Mahendra" <majain@verisign.com>
Date: Sunday, March 29, 2015 at 9:07 PM
To: "pki-users@redhat.com" <pki-users@redhat.com>
Subject: [Pki-users] Renew PKI Administrator (caadmin) certificate
Hello All,
When I install the Dogtag Certificate System, the installation creates default PKI Administrator user (caadmin) and its certificate expires in 2 years.
How do I renew the certificate for the PKI Administrator user?
Thanks,
Mahendra
--
Best Regards,
Nalinda