How to renew a user certificate that is about to expire
Originally Published: 2002-12-17
Article Number
Applies To
Keon Registration Authority 6.0.2
Issue
Several user certificates are about to expire
Resolution
1. The administrator or vettor can send an email notification to the user just before the user's certificate is due to expire using the "cert-expiry-notify.xuda template". This template enables CA Administrators to enter a certificate expiry date range for a specific CA. The default certificate expiry range is one month from the day of the CA Administrator?s query. All users whose certificate is within the range specified by the administrator will be emailed.
Administrators and Vettors connect directly to the notification template using the following URL:
https://<host.subdomain.com>:<administration-port>/ca/cert-ops/cert-expiry-notify.xuda
NOTE: The solution titled How to email a different link to users with certificates about to expire describes how to forward the users to the enrollment server if necessary (using the default configuration is the preferred solution).
2. The user can connect directly to the enrollment server using a Web browser to renew the certificate without vettor intervention.
a. The administrator or vettor should define the ?Certificate Renewal Policies? in the corresponding Jurisdiction(s) to allow the manual renewal of end-entity certificates that are about to expire. The policies can be set as follows:
- In the KCA Web interface, go to the "CA Operations" workbench
- On the left pane, select the CA that you want to edit
- On the right pane, under the "Jurisdictions Configuration:" heading, select the Jurisdiction to edit and click on "Configure"
- Select "Certificate Renewal Policy" from the "Sections" drop-down list on the Jurisdiction Configuration page
- Consult page 126 of the "RSA Keon Certificate Authority 6.0.2 - Administrator?s Guide" regarding how to configure the policies
b. The user can use the following procedure to renew their certificate:
- Using a Web browser, connect to the enrollment server
- Under the "Jurisdiction Operations" heading, select a Jurisdiction from the drop-down list and click "Continue"
- Click the Re-issue your client certificate link
- Click OK on the dialog box
- When prompted to select a certificate, select the one that will be renewed
- Click on "Renew Certificate"
- Click "Install Client Certificate"
- Click on "Install" and, if prompted, allow the Active-X control to be downloaded
3. The administrator or vettor can manually renew any user certificate, in this case the "Certificate Renewal Policies" do not apply:
a. The following procedure can be followed to manually renew the certificate:
- Go to the "Certificate Operations" workbench
- On the left pane, under the "Requests" heading, click on "Approved"
- Select the appropriate Jurisdiction and look for the certificate to be renewed (listed as Approved)
- Review and edit the information in the certificate request, if necessary
- If profiles are available, select a profile from the list
- Click Issue Certificate
- If you selected any certificate profiles, enter the appropriate values for each extension
- Click on "Create Certificate"
NOTE: If Keon Web PassPort was used to enroll for the certificate, review the solution titled Error: 'req-authorize.xuda: Line 506: [XrcNOTFOUND] unable to locate requested member or object. Unable to sign certificate [unable to locate requested member or object]' for further information.
Related Articles
Unable to renew certificate after clicking on a link to auto-renew-certificate.xuda page in email notification Number of Views How to renew SSL server certificates with RSA Certificate Manager Number of Views DLP How to renew Enterprise Manager self signed certifcate Number of Views Unable to renew certificate from web enrollment server Number of Views How to renew DLP Network Controller Certificate Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
