The following document explains how to re-generate the Symantect Directory Manager server certificate on Linux:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/administrating/troubleshooting-ca-directory/creating-directory-manager-certificates-after-expiration.html#concept.dita_db7516a1-cc62-43ef-91dc-9c91309f6867_DirectoryManagerCACerts
Symantect Directory Manager installation also includes SCIM server.
SCIM client certificate expires at the same time as Directory Manager server certificate, but it is not explained how to re-generate it.
Please note that the above document explains how to generate SCIM client certificate on Windows, only the information for Linux installations is missing.
Please follow these steps to re-generate expired SCIM client certificate:
$ ./generate_cert_key.sh
Please provide a base name for your key and certificate files
scimclientcert
Are you requesting a certificate for your dxagent client (1) or for your dxagent server (2) ?
1
Please provide a password for the PKCS12 file
<password>
Generating a RSA private key
......+++++
..................................................+++++
writing new private key to '/opt/CA/Directory/dxserver/media/linux_x86_64/management-ui/install/openssl-ca/out/scimclientcert.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:AU
State or Province Name (full name) []:Victoria
Organization Name (eg, company) []:CA Technologies
Organizational Unit Name (eg, section) []:CA Directory
Common Name (eg, your dxagent client name or your dxagent servers hostname) []:SCIM for <hostname>
Using configuration from /opt/CA/Directory/dxserver/media/linux_x86_64/management-ui/install/openssl-ca/openssl-ca.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'AU'
stateOrProvinceName :ASN.1 12:'Victoria'
organizationName :ASN.1 12:'CA Technologies'
organizationalUnitName:ASN.1 12:'CA Directory'
commonName :ASN.1 12:'SCIM for hostname'
Certificate is to be certified until Sep 9 01:17:42 2023 GMT (365 days)
Write out database with 1 new entries
Data Base Updated
Your certificate and key are stored in the PKCS12 file - /opt/CA/Directory/dxserver/media/linux_x86_64/management-ui/install/openssl-ca/out/scimclientcert.p12
Your certificate is stored in file - /opt/CA/Directory/dxserver/media/linux_x86_64/management-ui/install/openssl-ca/out/scimclientcert.pem
Your private key is stored in file - /opt/CA/Directory/dxserver/media/linux_x86_64/management-ui/install/openssl-ca/out/scimclientcert.key
$
File
|
Destination
|
---|---|
scimclientcert.key
scimclientcert.pem
|
$DXUIHOME/api-server/certs
|
scimclientcert.key
scimclientcert.pem
scimclientcert.csr
scimclientcert.p12
|
$DXUIHOME/out
|