7.3 Certificate Renewal

Ensure that you renew certificates before it gets expired. Your security needs might allow for a longer or shorter period. You can configure to get certificate expiration notifications.

For more information, see Getting the Certificate Expiration Notification in the NetIQ Access Manager 4.2 Best Practices Guide.

When you install Administration Console, the NAM-RP certificate is automatically generated and associated with NAM-RP Reverse Proxy (Devices > Access Gateways > [AG-Cluster] > [NAM-RP]).

Access Manager renews test-* certificate for both primary and secondary Administration Console including the edir certificate on secondary Administration Console automatically.

Certificates created manually by using Access Manager CA does not get renewed automatically.

Perform the following steps to renew manually created certificates. Lets assume that a certificate with the alias signing in the Identity Server signing keystore is about to expire.

  1. Create a new certificate. (Security > Certificates > New)

  2. Add the new certificate to the keystore with the alias of the certificate that will expire (signing). (Actions > Add Certificate to Keystores)

  3. Select the option to overwrite.