<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"> <META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7654.12"> <TITLE>Manually Replacing Server Certificates + Profiles</TITLE> </HEAD> <BODY>  Using CS 8.0, I'm interested in replacing (not renewing) all the server certificates for every subsystem (CA,TKS,DRM,TPS). The solution I had planned on using was to painstakingly use certutil to generate certificate requests, sign then, and import them back into the subsystem cert db with identical cert nicknames. Is there an easier way to do this (other than reinstalling+rerunning the create wizard)? I can attempt to use pkiconsole to replace certificates and automatically send them to the CA's ee page, but that seems to be erroring repeatedly. Using the certutil method, I'm unsure of which CA profiles to use when signing some of the server certificates certificates. For example, when replacing the TKS's 'subsystemCert' or 'Server-Cert' using the CA's 'manual server certificate enrollment' profile, I don't a get a cert with identical extensions as the original TKS 'subsytem cert'. Which profile does the CA use at TKS creation-time for these certs? Thanks Patrick Raspante Software Engineer General Dynamics C4 Systems Work: 781-455-2399 This message and/or attachments may include information subject to GDC4S O.M. 1.8.6 and GD Corporate Policy 07-105 and is intended to be accessed only by authorized recipients. Use, storage and transmission are governed by General Dynamics and its policies. Contractual restrictions apply to third parties. Recipients should refer to the policies or contract to determine proper handling. Unauthorized review, use, disclosure or distribution is prohibited. If you are not an intended recipient, please contact the sender and destroy all copies of the original message. </BODY> </HTML>