How to create a new Root certificate for CCS in Certificate Management Console
Article ID: 195755
Updated On:
Products
Issue/Introduction
The Root certificate is created once during the CCS Install. If the certificate is ever expired or the Root password is lost. A new one can be created in the Certificate Management Console.
Resolution
Creating the Root certificate is not in an option in the default menu of the Console. Open command prompt and change directories to the Certificate Management Console folder. It's recommend that the Console is run as the CCS Service account. The Console would prompt for the Cert Root password if not and it would only run with a CCS Administrator account.
Default Location:
Symantec\CCS\Reporting and Analytics\Certificate Management Console
Then run the following command to open CertificateMgrConsole in a mode where you can create a root certificate.
Command:
CertificateMgrConsole.exe command=CreateRootCertificate
The menu should look as below. Here you can select and input the settings/options. Once done, select the "Create Root Certificate" button.
Note: Creating a new root certificate will invalidate the existing certificates for every component in CCS installation, so they ALL would have to be recreated. This goes for the Manager certs as well. Once recreated they would have to be imported to each manager using the SymCert utility.
Additional Information
Please see the official document for more information.
https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/control-compliance-suite/12-6-0/ccs-support-matrix-v123000389-d8e133191/ccs-application-server-root-certificate-v122962995-d8e231549.html
Feedback
