The steps to take to extend the dates on a certificate vary depending on where the certificate was generated and how it was signed.
If the Certificate was generated on site and signed by a local CA, meaning a CA certificate also generated on site, then the following steps can be taken to extend the date.
**Step one insures that if any mistakes are made that the original certificate
can be obtained and put back into place**
- Backup the certificate about to expire.
TSS EXPORT(usera) DIGICERT(SERVER) DCDSN(usera.SERVER.P12)
- GENREQ the certificate to a dataset.
TSS GENREQ(usera) DIGICERT(SERVER) DCDSN(usera.SERVER.P10)
- Generate a new temporary certificate with a new NADATE and sign it with the expiring certificate.
TSS GENCERT(usera) DIGICERT(TEMP) DCDSN(usera.SERVER.P10) NADATE(02/01/24)
- Export the certificate to a dataset:
TSS EXPORT(usera) DIGICERT(TEMP) DCDSN(usera.TEMP.DER) FORMAT(CERTDER)
- Remove the temporary certificate.
TSS REMOVE(usera) DIGICERT(TEMP)
- Replace the expiring certificate with the new certificate that has a new expiration date.
TSS REP(usera) DIGICERT(SERVER) DCDSN(usera.TEMP.DER) TRUST
- Recycle any address space(s) that reference a keyring with the new certificate.