Technical Documentation

Configuring Automatic Reenrollment of Digital Certificates

You can configure automatic reenrollment for digital certificates. This feature is by default not enabled. To configure automatic reenrollment for digital certificates, include the auto-re-enrollment statement at the [edit security pki] hierarchy level:

[edit]security {pki {auto-re-enrollment {certificate-id certificate-name {ca-profile ca-profile-name;challenge-password password;re-enroll-trigger-time-percentage percentage; # Percentage of validity-period
# (specified in certificate) when automatic
# reenrollment should be initiated.
re-generate-keypair;validity-period number-of-days;}
}
}
}

Published: 2010-04-15