Page created: 6 Nov 2019 |
Page updated: 25 Mar 2020
Retire the previous certificate by removing it from the topology registry after it expires, as follows:
$ dsconfig -n set-server-instance-prop \ --instance-name <instance-name> \ --set "inter-server-certificate<chain.crt"
Existing encrypted backups and LDIF exports remain unaffected. Because the public key is the same in the previous and new server certificates, the private key can decrypt them.