It may be necessary to configure a custom certificate for CA Directory.
CA Directory comes with a self-signed certificate out of the box, and security protocols may require that it be replaced.
This KB documents how to update the certificate.
Note: You will need to install OpenSSL, which is open source and is not included in the Windows version of EEM.
Be sure to update your PATH variable accordingly.
EEM on Windows
1) Stop the CA Directory - itechpoz service
2) Backup these folders:
C:\Program Files\CA\Directory
C:\Program Files\CA\SC\EmbeddedEntitlementsManager
C:\Program Files\CA\SC\iTechnology
3) We need the server certificate, the intermediate certificate, the root certificate AND the private key.
If the customer has provided a keystore that contains the private key and the server certificate, use the following commands to extract the private key and the server certificate:
openssl pkcs12 -in .keystore.PKCS12 -nocerts -out encrypted-private.key
openssl pkcs12 -in .keystore.PKCS12 -clcerts -nokeys -out server-cert.pem
openssl rsa -in encrypted-private.key -out itechpoz.key
The customer needs to provide the intermediate and root CA certificates.
4) In an administrator Command Prompt, navigate to the following directory:
C:\Program Files\CA\Directory\dxserver\config\ssld
5) List all certs in the keystore
dxcertgen listca
Remove the default root CA
# in my case the cert number was 0
# dxcertgen -r 0 removeca
# dxcertgen -r 1 removeca
# dxcertgen -r 2 removeca
Confirm with:
dxcertgen report
6) Copy itechpoz.key and server-cert.pem from step 3 to C:\Program Files\CA\Directory\dxserver\config\ssld
7) Import the server cert
dxcertgen -D itechpoz -n server-cert.pem certmerge
Successful certmerge:
8) Import the root cert
dxcertgen -n root.crt importca
9) Import the intermediate cert
dxcertgen -n intermediate.crt importca
10) Start CA Directory services
If the above steps were successful, CA Directory services should start.
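Before running the certmerge in step 7, it is worth confirming that the files from step 3 and the customer-supplied CA certificates actually belong together. The PowerShell script below is an added example, not part of the original KB or of the vendor tooling; it assumes openssl is on the PATH and that root.crt and intermediate.crt are PEM-encoded and have been copied into the ssld directory.

```powershell
# Added example (not vendor tooling): pre-import checks for the step 3 files.
# Assumptions: openssl.exe is on PATH; root.crt and intermediate.crt are
# PEM-encoded and sit in the ssld directory next to the step 6 files.
$ssld  = 'C:\Program Files\CA\Directory\dxserver\config\ssld'
$key   = Join-Path $ssld 'itechpoz.key'
$cert  = Join-Path $ssld 'server-cert.pem'
$root  = Join-Path $ssld 'root.crt'
$inter = Join-Path $ssld 'intermediate.crt'

function Invoke-OpenSsl {
    # Run openssl, fail on a non-zero exit code, return stdout as one string.
    param([string[]]$OpenSslArgs)
    $out = & openssl @OpenSslArgs
    if ($LASTEXITCODE -ne 0) {
        throw "openssl $($OpenSslArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
    return ($out -join "`n")
}

foreach ($f in $key, $cert, $root, $inter) {
    if (-not (Test-Path -LiteralPath $f)) { throw "Missing file: $f" }
}

# 1) The key must belong to the certificate: compare the public key derived
#    from each. '-passin pass:' makes a still-encrypted key fail, not prompt.
$pubFromKey  = Invoke-OpenSsl @('pkey', '-in', $key, '-passin', 'pass:', '-pubout')
$pubFromCert = Invoke-OpenSsl @('x509', '-in', $cert, '-noout', '-pubkey')
if ($pubFromKey -ne $pubFromCert) {
    throw 'itechpoz.key does not match server-cert.pem'
}

# 2) The certificate must chain to the supplied root through the intermediate.
$verify = Invoke-OpenSsl @('verify', '-CAfile', $root, '-untrusted', $inter, $cert)
if ($verify -notmatch ': OK\s*$') { throw "Chain verification failed: $verify" }

# 3) The certificate must not already be expired (-checkend 0 exits 1 if it is).
Invoke-OpenSsl @('x509', '-in', $cert, '-noout', '-checkend', '0') | Out-Null

# Show what is about to be imported so it can be compared with the request.
Invoke-OpenSsl @('x509', '-in', $cert, '-noout', '-subject', '-issuer', '-enddate')
Write-Output 'Key, chain and validity checks passed.'
```

The openssl rsa command in step 3 writes itechpoz.key without passphrase protection, so remove any working copies of it left outside the ssld directory once the import has succeeded.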
This KB Article was created using guidance from steps 21-34 of this KB:
https://knowledge.broadcom.com/external/article?articleId=239585