Reconfigure the PDCA on the runtime systems

After reconfiguring the policy server and transfering the newly generated PDCA certificate to each runtime system, reconfigure the PDCA on the runtime systems.

Steps

1. Stop all Security Verify Access services that are running on the system:

   • AIX, Linux, and Solaris operating systems:
     pd_start stop

   • Windows operating systems:
     drive:\net stop servername

     Stop each Security Verify Access service. For example, to stop the policy server, type:

     C:\net stop IVMgr

2. Configure the ISAM runtime with the bassslcfg -config utility. For example, enter the command but replace the values for the -c and -h options.
   /opt/PolicyDirector/sbin/bassslcfg -config -h policysvrhostname -c /var/PolicyDirector/keytab/pdcacert.b64

3. Run the svrsslcfg -chgcert command for the authorization, proxy, and resource servers and for any other C API applications that use svrsslcfg -config. This example is for the authorization server:
   svrsslcfg -chgcert -f /opt/PolicyDirector/etc/[instance-]ivacld.conf -P *** -A sec_master

4. Start the ISAM services on the computer:
   pd_start start

5. Reconfigure the certificates of any other ISAM Java™ applications on the policy server. See Reconfiguring the certifications of ISAM Java applications.

What to do next

Reconfigure the certificates of any Security Verify Access Java applications. See Server certificate revocation.

Parent topic: Regenerating certificates