Moving eDirectory CA on Linux

  • 3000744
  • 05-Apr-2006
  • 26-Apr-2012

Environment

SuSE Linux Enterprise Server 9
SuSE Linux Enterprise Server 10
Novell eDirectory 8.7.3.x
iManager 2.6
Certificate Authority (CA)



Situation

There may come a time when you need to remove the server that houses the Certificate Authority for your eDirectory tree. If so, you must first relocate the Certificate Authority to a new server in the tree.

Resolution

This process assumes that the CA is healthy and that you have admin-level rights.

1. In iManager 2.6 | Directory Administration | Modify Object | select your CA object under the Security container.
2. Under the Certificates tab | Public Key Certificate | Export
3. Yes, you want the private key! | Next
4. Enter a password longer than 6 characters (this password is used only to encrypt the CA export) | Next
5. Save the exported certificate to a file | select a location on your local machine | Close
6. Under the Directory Administration role | Delete Object | select your CA object under the Security container and delete it.
7. In a shell on the server you want to be your NEW CA, run:
       ndsconfig add -m SAS
   This will create a new CA in your tree with this server as the owner.
8. In iManager | Directory Administration | Modify Object | select your CA object under the Security container | under the Certificates tab | Public Key Certificate | Replace | when prompted, give the location of the file exported in step 5 | enter the password you entered in step 4.
9. Click Validate to verify the process was successful.
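
Step 6 deletes the only CA object, so it is worth confirming first that the file from step 5 decrypts with the step 4 password and that its private key matches its certificate. The script below is an added example, not part of the original article: it assumes the export is a PKCS#12 (.pfx) file and that the openssl CLI is installed, and the names verify_ca_export and CA_EXPORT_PASS are made up for the example.

```bash
# Added example (not from the original article). Assumes the step 5 export is
# a PKCS#12 (.pfx) file and that the openssl command-line tool is installed.

# verify_ca_export FILE
# The export password is read from the exported environment variable
# CA_EXPORT_PASS (hypothetical name) so it never appears in the process list.
# Returns 0 only if the file decrypts, holds a certificate and a private key,
# and the two belong together; 1 on a bad export, 2 on a usage problem.
verify_ca_export() {
    local pfx="$1" cert_pub key_pub
    [ -r "$pfx" ] || { echo "cannot read $pfx" >&2; return 2; }
    [ -n "${CA_EXPORT_PASS:-}" ] || { echo "CA_EXPORT_PASS not set" >&2; return 2; }

    # The file contains the CA private key: restrict it to its owner.
    chmod 600 "$pfx" || return 2

    # Public key taken from the certificate inside the export.
    cert_pub=$(openssl pkcs12 -in "$pfx" -passin env:CA_EXPORT_PASS -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -pubkey 2>/dev/null) || cert_pub=""
    # Public key derived from the private key inside the export.
    # The decrypted key only travels through a pipe and is never written to disk.
    key_pub=$(openssl pkcs12 -in "$pfx" -passin env:CA_EXPORT_PASS -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null) || key_pub=""

    if [ -z "$cert_pub" ]; then echo "wrong password or no certificate in $pfx" >&2; return 1; fi
    if [ -z "$key_pub" ]; then echo "no private key in $pfx" >&2; return 1; fi
    if [ "$cert_pub" != "$key_pub" ]; then echo "private key does not match certificate" >&2; return 1; fi

    # Print subject and SHA-256 fingerprint so they can be compared after step 8.
    openssl pkcs12 -in "$pfx" -passin env:CA_EXPORT_PASS -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -subject -fingerprint -sha256
}

# When the script is run with a file argument, check that file.
[ "$#" -eq 0 ] || verify_ca_export "$1"
```

Continue to step 6 only if the function exits 0. On OpenSSL 3.x, an export encrypted with older algorithms may also need the -legacy option on the pkcs12 commands.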