Knowledge Base

Solution

Registration Authority (RA) certificate's validity period is 365 days from the date it was issued. If a RA certificate is due to expire, you must re-enroll for a new RA certificate to continue to use Automated Administration without interruption.

To renew the Registration Authority (RA) Certificate using the Hardware Signing option, perform the following steps:

1. Stop the Automated Administration service
From the Start menu, click Programs > Administrative Tools > Services
Right-click on Automated Administration Service and select Stop
2. Generate a RA key-pair on the token and the RA certificate signing request. To do this, run aakeygen with the following command:

aakeygen -name <yourAdminName> -org <yourCompany> -division <yourDept> -locality <yourCompanyCity> -state <yourCompany State> -country <your CompanyCountry> >racert.req

Note:  You can use the -policy <full path to your policy file> parameter instead of the -org <yourCompany> and -division <yourDept> parameters. The -policy parameter uses the organization name and division name in your policy file to generate the CSR.  If you use the -policy parameter and the -org and -division parameters, the values in the policy file will override the -org and -division values.

3. Access the Managed PKI RA enrollment Web page at the appropriate URL: https://onsite.pki.digicert.com/OnSiteServiceEnrollRA.htm
4. Paste the contents of the racert.req file into the CSR field. Fill in the rest of the information on the page, and submit the request
5. Contact Authentication Services to have the request approved at 800 579-2848 option 1,1
6. Once approved, You will receive an email response containing your RA certificate. Save the attached file as cert.509 in your signers directory
7. Using a text editor, ensure that <RARoot>/signers/vsautoauth.conf includes a reference to the path ../signers/cert.509Restart your Automated Administration Service.