Registration Authority (RA) certificate's validity period is 365 days from the date it was issued. If a RA certificate is due to expire, you must re-enroll for a new RA certificate to continue to use Automated Administration without interruption.
To renew the Registration Authority (RA) Certificate using the Hardware Signing option, perform the following steps:
aakeygen -name <yourAdminName> -org <yourCompany> -division <yourDept> -locality <yourCompanyCity> -state <yourCompany State> -country <your CompanyCountry> >racert.req
Note: You can use the -policy <full path to your policy file> parameter instead of the -org <yourCompany> and -division <yourDept> parameters. The -policy parameter uses the organization name and division name in your Symantec policy file to generate the CSR. If you use the -policy parameter and the -org and -division parameters, the values in the policy file will override the -org and -division values.
The resulting racert.req file contains a certificate signing request (CSR) in base64 format.
+You must use the identical, case-sensitive text values for org and orgUnit that you used when you enrolled for the Managed PKI service. Set the attribute values as follows:
- org: Use the value that you submitted for Company/Department/Agency
- orgUnit: Use the value that you submitted for Division/Organization/Project
If you do not know your company and department, open the Managed PKI Control Center. Your company and department are located in the upper right-hand corner. Your aakeygen command must exactly match this information, including case, spaces, and punctuation.
+ For country, use a two-character ISO country code, such as US.
+ To enter a parameter that contains a space character, use quotes to surround the string (for example, “Mountain View”).