Hello,

I have been told from our IT team that they are switching PKI servers for our company Domain Controllers (I'm told these Certs are used for LDAP). Currently they have the new and old PKI connected to the Domain controllers, but they want to remove the old PKI server soon so I am trying to change the Root CA to the one associated with out new PKI.

I see in the RSA Operations Console there is a page for Identity Source Certificates, Application Trust Certificates, Console Certificate Management, and Virtual Host Ceritificate Management. Would I only need need to add the Root CA to the Identity Source or would I need to add it to the other sections as well (Application Trust, Console Certificate, Virtual Host)? I also wanted to ask if I can have both Root CAs active or if I would need to delete the old one?