Resetting the Validity for a Policy when Data Encryption is Set

When data encryption is enabled, the steps used to reset the validity of a policy, token, or domain credentials are different.

Procedure

  1. From the old Policy file, copy the private key into a text file (say pk.txt). The private key is the block delimited by the following lines (OpenSSL needs these delimiter lines to parse the file, so include them):
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    -----END ENCRYPTED PRIVATE KEY-----
  2. Run the following command:
    openssl req -new -key pk.txt -out newPK.csr
    1. Provide your domain identity password when you are prompted for a password. For example, when you see a prompt like "Enter pass phrase for pk.txt:", enter your domain identity password.
    2. For all other prompts, press Enter.
  3. Run the following command:
    openssl x509 -req -days 365 -in newPK.csr -signkey pk.txt -out newSignedPK.crt
    Note: In the command mentioned, you can change the number of days to suit your requirements.
    1. Here again, provide the domain identity password.
  4. In an editor, open newSignedPK.crt and copy its content.
  5. Paste the content in your policy file between the following statements:
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  6. Restart your domain controllers, and run the following command to verify the dates:
    openssl s_client -connect localhost:50000 | openssl x509 -noout -dates
    Here, localhost:50000 is the IP address and port on which your domain controller listens.
  7. Recreate token files, and restart all domain requestors.
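The procedure above, carried out by a script, as an added example that is not part of the original documentation or of the product it describes. It assumes a policy file in which the encrypted private key and the certificate are stored as PEM blocks with the delimiters shown above (the file name policy.conf and the setting lines around the blocks are constructed), that the domain identity password is supplied through an environment variable named DOMAIN_PASS instead of being typed at the prompts, and that the subject name /CN=policy is an acceptable substitute for pressing Enter at the other prompts. The policy_cert_dates function reads the dates straight out of the policy file, which is useful before the domain controllers are restarted; the s_client check in step 6 is still the one that confirms what the running controller serves.

```shell
#!/bin/sh
# Added example, not from the original documentation: renew the self-signed
# certificate in a policy file when data encryption is enabled.
# Assumptions (hypothetical): the policy file holds PEM blocks, and the domain
# identity password is exported in DOMAIN_PASS so OpenSSL does not prompt.

# Print the PEM block of the given type (e.g. "ENCRYPTED PRIVATE KEY" or
# "CERTIFICATE") from a file, including its BEGIN/END lines, which OpenSSL
# needs in order to parse the block.
extract_pem_block() {
    awk -v type="$2" '
        $0 == "-----BEGIN " type "-----" { inblock = 1 }
        inblock { print }
        $0 == "-----END " type "-----"   { inblock = 0 }
    ' "$1"
}

# Replace the CERTIFICATE block inside the policy file with the contents of
# the new certificate file (step 5); every other line is left untouched.
replace_cert_block() {
    awk -v certfile="$2" '
        $0 == "-----BEGIN CERTIFICATE-----" {
            while ((getline line < certfile) > 0) print line
            skipping = 1
            next
        }
        $0 == "-----END CERTIFICATE-----" { skipping = 0; next }
        !skipping { print }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Steps 1 to 5: extract the key, build a CSR, self-sign it for the requested
# number of days, and splice the new certificate into the policy file.
renew_policy_cert() {
    policy="$1"; days="${2:-365}"; work=$(dirname "$policy")
    extract_pem_block "$policy" "ENCRYPTED PRIVATE KEY" > "$work/pk.txt"
    # -passin answers the pass phrase prompt; -subj answers the remaining ones.
    openssl req -new -key "$work/pk.txt" -passin env:DOMAIN_PASS \
        -subj "/CN=policy" -out "$work/newPK.csr"
    openssl x509 -req -days "$days" -in "$work/newPK.csr" \
        -signkey "$work/pk.txt" -passin env:DOMAIN_PASS -out "$work/newSignedPK.crt"
    replace_cert_block "$policy" "$work/newSignedPK.crt"
    rm -f "$work/pk.txt" "$work/newPK.csr"
}

# Offline variant of the step 6 check: show notBefore/notAfter of the
# certificate that is now in the policy file.
policy_cert_dates() {
    extract_pem_block "$1" "CERTIFICATE" | openssl x509 -noout -dates
}

# Build a constructed sample policy file (not a real product file): an
# encrypted RSA key plus a certificate that expires after one day.
make_sample_policy() {
    work=$(dirname "$1")
    openssl genpkey -algorithm RSA -aes-256-cbc -pass env:DOMAIN_PASS \
        -out "$work/sample_key.pem" 2>/dev/null
    openssl req -new -x509 -key "$work/sample_key.pem" -passin env:DOMAIN_PASS \
        -subj "/CN=sample" -days 1 -out "$work/sample_cert.pem"
    {
        echo "# constructed sample policy file"
        echo "policy_name = demo"
        cat "$work/sample_key.pem"
        echo "other_setting = 1"
        cat "$work/sample_cert.pem"
    } > "$1"
    rm -f "$work/sample_key.pem" "$work/sample_cert.pem"
}

# Demonstration run (skipped when OpenSSL is not installed).
if command -v openssl >/dev/null 2>&1; then
    DOMAIN_PASS="${DOMAIN_PASS:-constructed-demo-password}"; export DOMAIN_PASS
    demo_dir=$(mktemp -d)
    make_sample_policy "$demo_dir/policy.conf"
    echo "Before renewal:"; policy_cert_dates "$demo_dir/policy.conf"
    renew_policy_cert "$demo_dir/policy.conf" 365
    echo "After renewal:";  policy_cert_dates "$demo_dir/policy.conf"
fi
```

Run it with the real domain identity password exported as DOMAIN_PASS and replace the demo section with a call to renew_policy_cert on the actual policy file; the awk helpers deliberately touch only the certificate block so that no other setting in the file is rewritten.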