PKI_123

I'm not sure if this can help you solve your problem : AD Publisher

You might have to re-configure TLS once the Management CA is online again.

Humn, The default ManagementCA crypto token come with this key: encryptKey. you can try to generate it on the crypto token: Enter the keypair name encryptKey, select the algorithm and size then click Generate New Keypair. Then try to renew the CA again.

Humn, The default ManagementCA crypto token come with this key: encryptKey. you can try to generate it on the crypto token: Enter the keypair name encryptKey, select the algorithm and size then click Generate New Keypair. Then try to renew the CA again.

I think you should activate the CA: CA Functions > CA Activation > Activate CA (Crypto token and CA Service Action) Then try to renew again.

Before changing the crypto token, did you confirm that CryptoToken -367522817 does not exists ? To create crypto token: 1. Under CA Functions click Crypto Tokens. 2. Click Create new ... 3. Enter name (for example CT_MGMT), password, type ... etc then click on Save. 4. Enter the keypair name signKey, select the algorithm and size then click Generate New Keypair. 5. Enter the keypair name defaultKey, select the algorithm and size then click Generate New Keypair. 6. Enter the keypair name testKey,...

Before changing the crypto token, did you confirm that CryptoToken -367522817 does not exists ? To create crypto token: Under CA Functions click Crypto Tokens. Click Create new ... Enter name (for example CT_MGMT), password, type ... etc then click on Save. Enter the keypair name signKey, select the algorithm and size then click Generate New Keypair. Enter the keypair name defaultKey, select the algorithm and size then click Generate New Keypair. Enter the keypair name testKey, select the algorithm...

Well it seems that you've deleted the crypto token. I would suggest that you create a new crypto token (with signKey, testKey and defaultKey) With the command line link the new crypto token to the CA: bin/ejbca.sh ca changecatoken --caname <CA_NAME> --cryptotoken <NEW_CRYPTO_TOKEN> --execute Renew the CA and revoke the old CA certificate.