1. In the Domino Administrator, click Configuration - Certification - Rollover Certifer Keys.

2. In the Generate New Certifier Key dialog box, click Directory Server and specify a registration server in the list box that appears.

3. Click ID file. In the Choose Certifier ID dialog, select the certifier ID file for which you want to assign new keys.

4. At this point, the options in Generate New Certifier Key dialog box change, depending on whether you chose a top-level certifier ID or an intermediate one.

• If you chose a top-level certifier ID, the Generate New Certifier Key dialog now has the following information:

"The selected certifier is a top-level certifier and will re-certify itself."

Click OK. This generates the new key pair and adds it to the top-level certifier ID.

• If you chose an intermediate-level certifier ID, the Generate New Certifier Key dialog now has the following information:

"The selected certifier is not a top-level certifier and must be recertified by its parent certifier."
1. Click "Certify Using..." The Choose a Certifier dialog box appears.
2. Choose one of the following:
• "Supply certifier ID and password" to select the certifier ID of the parent certifier for the target CA ID file.
• "Use the CA process" to send a request to the Admin Process database on the registration server so that the certificates will be issued by the CA process.
1. Click OK. This generates the new key pair and adds it to the top-level certifier ID.

Glossary