Renewing Superadmin

Renewing the superadmin certificate is done in the same way as for any client certificate and you can use either the Admin GUI or the CLI.

The superadmin certificate is normally issued as a PKCS#12 keystore, if not issued as a browser certificate for smart card enrollment.

Renewing Superadmin Using the Admin GUI

To renew superadmin using the Admin GUI, do the following:

  • Go to Search/Edit End Entities and search for user superadmin.

  • Click Edit End Entity.

  • Set a new password and set status to NEW, click Save.

  • Go to Public Web and then Create Keystore.

  • Enter superadmin username, and the password you gave.

  • In the next screen, select key length 2048 and click OK.

  • Your new superadmin keystore is downloaded and you can install it in your browser.

Renewing Superadmin Using the CLI

To renew superadmin using the CLI, run the following:

bin/ejbca.sh ra setendentitystatus superadmin 10
bin/ejbca.sh ra setclearpwd superadmin password
bin/ejbca.sh batch

Your new superadmin keystore is generated and stored in sudirectory p12. The password is password, as given to the setclearpwd command.