How to call Certificates/Import to replace keys and certificates

If you are using the POST Certificates/Import method to replace certificates and keys that are in Trust Protection Platform, consider the following recommendations:

  • Review the settings on the Policy folder. For example, you can confirm How Certificates/Import assigns Certificate Type.
  • To replace a certificate, specify the folder name as the PolicyDN and the certificate name as the ObjectName. Both names require an exact match; otherwise, a new certificate is generated. If the previous certificate included a private key, include the same private key.

  • To replace only the private key for an existing certificate, import the same certificate with a different private key.
  • To reuse the private key, check the appropriate policy. Make sure the Allow Users to Import Duplicate Certificates and Reuse Private Keys on the policy Certificate tab are set to Yes.

    NOTE  Certificates/Import rejects any private key that could cause a certificate mismatch. For example, if a private key is already in use by another certificate, an error occurs.

  • After the import, review the certificate in the Policy folder. To review archive information about the old certificate, use the Certificate History tab.
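
The recommendations above, as an added example that is not part of the original documentation: a local pre-flight check for the exact-match and private-key rules, plus a builder for the request body (nothing is sent). The `/vedsdk/certificates/import` path, the bearer-token header and the `CertificateData`, `PrivateKeyData` and `Password` field names do not appear on this page and are assumptions about the Web SDK; the host, token, DNs and PEM text are constructed placeholders.

```python
import json
import urllib.request

BASE_URL = "https://tpp.example.com/vedsdk"  # placeholder host; path is an assumption


def preflight(existing_dn, existing_has_key, policy_dn, object_name, key_pem):
    """Return warnings for an import that is meant to replace existing_dn."""
    warnings = []
    # Both names must match exactly; anything else (even a trailing space)
    # results in a new certificate instead of a replacement.
    if f"{policy_dn}\\{object_name}" != existing_dn:
        warnings.append("names do not match exactly: a new certificate would be generated")
    # If the previous certificate included a private key, the import should too.
    if existing_has_key and not key_pem:
        warnings.append("previous certificate included a private key, but none is supplied")
    return warnings


def build_import_request(token, policy_dn, object_name, cert_pem,
                         key_pem=None, password=None):
    """Build, without sending, a POST Certificates/Import request."""
    body = {"PolicyDN": policy_dn, "ObjectName": object_name,
            "CertificateData": cert_pem}  # assumed field name; PEM passed as-is
    if key_pem:
        body["PrivateKeyData"] = key_pem  # assumed field name
    if password:
        body["Password"] = password  # assumed field name
    return urllib.request.Request(
        f"{BASE_URL}/certificates/import",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    existing = "\\VED\\Policy\\Web\\www.example.com"
    cert = "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----"
    # Trailing space in ObjectName and no key: both warnings fire.
    print(preflight(existing, True, "\\VED\\Policy\\Web", "www.example.com ", None))
    req = build_import_request("PLACEHOLDER_TOKEN", "\\VED\\Policy\\Web",
                               "www.example.com", cert)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```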