Transfer the PDCA certificate to other systems

After regenerating the PDCA certificate, we can transfer the PDCA certificate to each system in the domain. In this case, our business security policy requires trusted transport of the PDCA signer certificate to the target machine. The network between the policy server and the target system contains untrusted segments.

If auto-download is disabled, manually copy the file to each system. If the File Transfer Protocol (FTP) is supported in the environment, use the following FTP procedure:

The following steps assume that the pdcacert.b64 certificate is located on the policy server and is sent from there to the runtime system:

Steps

  1. Change to the local directory on the policy server containing pdcacert.b64 file:

      cd /var/PolicyDirector/keytab

  2. Connect to the runtime system by opening an FTP session. To illustrate, pdruntime1 is the name of the runtime system.

      ftp pdruntime1

  3. Log on to the remote system with the appropriate user ID and password.

  4. Change to the directory where we want to store the certificate. Assuming the default directory on an AIX, Linux, or Solaris operating system, enter the following FTP command:

      cd /var/PolicyDirector/keytab

  5. Indicate the file to be transferred is a text (ASCII) file:

      ascii

  6. To display hash marks that show the progress of the transfer:

      hash

  7. Start the transfer by running:

      put pdcacert.b64

  8. After the transfer completes, end the FTP session:

      quit
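The eight steps above, scripted as an added example that is not part of the product documentation: a small POSIX shell script that builds the same FTP command batch (cd, ascii, hash, put, quit) for a non-interactive ftp -n run, and adds the integrity check that the business policy in this topic calls for, by recording the SHA-256 digest of pdcacert.b64 on the policy server and comparing it with the digest computed on the target after the transfer. The host name pdruntime1, the keytab path, and the stand-in certificate body are taken from or modelled on the steps above; the sha256sum/shasum fallback and the demo() function are assumptions of this example.

```shell
#!/bin/sh
# Added example; not the product's own tooling. Assumes the ftp(1) client,
# sha256sum (GNU) or shasum (BSD/macOS), and the paths named in the topic.

# Build the command batch that reproduces the manual FTP session in steps
# 4 to 8, so it can be fed to "ftp -n pdruntime1 < batch" (with -n, add a
# "user ID" line yourself; never store the password in the batch file).
build_ftp_batch() {
  remote_dir="$1"
  cert_file="$2"
  printf 'cd %s\nascii\nhash\nput %s\nquit\n' "$remote_dir" "$cert_file"
}

# Print the SHA-256 hex digest of a file. Run this on the policy server
# before the put, and again on the runtime system after the quit.
cert_digest() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Compare the local copy's digest with the digest reported from the target
# (copied from the remote shell). Exit status 0 = match, 1 = mismatch.
verify_transfer() {
  local_file="$1"
  remote_digest="$2"
  [ "$(cert_digest "$local_file")" = "$remote_digest" ]
}

# The "ascii" step is only correct for text: confirm the .b64 file holds
# nothing but printable characters and whitespace before sending it.
is_text_file() {
  ! LC_ALL=C grep -q '[^[:print:][:space:]]' "$1"
}

# Demonstration on a constructed stand-in file (not a real PDCA certificate).
demo() {
  work=$(mktemp -d)
  printf '%s\n' '-----BEGIN CERTIFICATE-----' \
    'MIIBconstructedSampleBase64Body==' \
    '-----END CERTIFICATE-----' > "$work/pdcacert.b64"
  is_text_file "$work/pdcacert.b64" || { echo "not a text file; do not use ascii mode"; return 1; }
  build_ftp_batch /var/PolicyDirector/keytab pdcacert.b64 > "$work/ftp.cmds"
  expected=$(cert_digest "$work/pdcacert.b64")
  # Real run on the policy server:  ftp -n pdruntime1 < "$work/ftp.cmds"
  cp "$work/pdcacert.b64" "$work/received.b64"   # stands in for the remote copy
  remote=$(cert_digest "$work/received.b64")     # as printed on pdruntime1
  verify_transfer "$work/pdcacert.b64" "$remote" && echo "digest $expected matches: transfer verified"
  rm -rf "$work"
}
```

FTP carries both the logon credentials of step 3 and the file itself in cleartext, which is why the digest comparison matters on a path that crosses untrusted segments: a digest taken on the policy server before the put, and compared against one computed on pdruntime1 afterwards, detects a certificate that was altered or truncated in transit.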
