The Update Single Certificate workflow is part of the Update Certificates workflow in 7.7.2. It starts when the CertificateManager determines that an update to a Certificate assigned to a CertificateGroup is required. It is shown in Figure 19. The boxes with blue text indicate Method calls.
Figure 19 – PushManagement Update Certificate Workflow
The steps of the workflow are described in Table 24.
Table 24 – PushManagement Update Certificate Workflow Steps
Step | Description
--- | ---
Initial Conditions | The update is triggered when the CertificateManager needs to update a Certificate as part of a larger workflow. The CertificateGroupId and CertificateTypeId are determined by the containing workflow.
Certificate Exists? | An existing Certificate may not be assigned to the CertificateType slot, or it may not have field values that meet the requirements of the CertificateManager. If a usable Certificate does not exist, a new self-signed Certificate is generated.
CreateSelfSignedCertificate | This Method creates a new self-signed Certificate using field values provided by the CertificateManager. This Method may not be implemented by all Servers. If this Method is available, it allows the CertificateManager to specify all of the key fields, such as the DNS names, in the Certificate. This is important when the CertificateManager configures Endpoints as described in 7.7.5.
CreateSigningRequest | This Method creates a new CertificateRequest that is signed with a PrivateKey owned by the Server. If requested, the Server generates a new PrivateKey but uses the field values from the existing Certificate. Some Servers may not have the resources to generate PrivateKeys; this step is skipped when that is the case.
Request Certificate from Issuer | The CertificateManager requests a new Certificate from the Issuer. The CertificateManager generates a PrivateKey on behalf of the Server if the Server cannot generate its own PrivateKeys.
UpdateCertificate | This Method allows the CertificateManager to upload a new Certificate and PrivateKey (if not generated by the Server) to the Server. The Server may set applyChangesRequired=TRUE to indicate that ApplyChanges needs to be called.
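The decision points in Table 24 (usable Certificate present or not, Server able to generate PrivateKeys or not, applyChangesRequired reported by UpdateCertificate) are easier to follow as control flow. The following Python simulation is an added example and not part of the specification or any OPC UA SDK; the classes, function names (`CertificateSlot`, `update_single_certificate`, `issue_certificate`) and the constructed key bytes are hypothetical stand-ins for the Server-side Methods and the Issuer, chosen only to show which step the CertificateManager takes under each condition.

```python
"""Constructed simulation of the Update Single Certificate workflow (Table 24).

Hypothetical classes and function names: they model the CertificateManager's
decisions, not any real OPC UA SDK API.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Certificate:
    """Minimal stand-in for an X.509 Certificate: only the fields the workflow inspects."""
    subject: str
    dns_names: Tuple[str, ...]
    self_signed: bool = True


@dataclass
class CertificateSlot:
    """Hypothetical model of the Certificate assigned to one CertificateType slot on the Server."""
    certificate: Optional[Certificate] = None
    can_generate_private_keys: bool = True   # some Servers lack the resources for this
    apply_changes_required: bool = False     # what the Server reports from UpdateCertificate

    # --- simulated Server Methods ---
    def create_self_signed_certificate(self, subject: str, dns_names: Tuple[str, ...]) -> None:
        # Field values are supplied by the CertificateManager.
        self.certificate = Certificate(subject, dns_names, self_signed=True)

    def create_signing_request(self, regenerate_private_key: bool) -> Dict[str, object]:
        if not self.can_generate_private_keys:
            raise RuntimeError("Server cannot generate PrivateKeys; CreateSigningRequest is skipped")
        assert self.certificate is not None
        # The request reuses the field values of the existing Certificate.
        return {"subject": self.certificate.subject,
                "dns_names": self.certificate.dns_names,
                "new_key": regenerate_private_key}

    def update_certificate(self, cert: Certificate, private_key: Optional[bytes]) -> bool:
        # private_key is None when the Server generated the key itself.
        self.certificate = cert
        return self.apply_changes_required


@dataclass
class RequiredFields:
    subject: str
    dns_names: Tuple[str, ...]


def certificate_usable(cert: Optional[Certificate], required: RequiredFields) -> bool:
    """'Certificate Exists?' decision: the slot may be empty, or hold a Certificate
    whose field values do not meet the CertificateManager's requirements."""
    if cert is None:
        return False
    return cert.subject == required.subject and set(required.dns_names) <= set(cert.dns_names)


def issue_certificate(subject: str, dns_names: Tuple[str, ...]) -> Certificate:
    """Placeholder for 'Request Certificate from Issuer' (constructed; no real CA involved)."""
    return Certificate(subject, dns_names, self_signed=False)


def update_single_certificate(slot: CertificateSlot, required: RequiredFields) -> Dict[str, object]:
    """Run the workflow for one slot and return the sequence of steps the manager took."""
    steps: List[str] = []

    if not certificate_usable(slot.certificate, required):
        slot.create_self_signed_certificate(required.subject, required.dns_names)
        steps.append("CreateSelfSignedCertificate")

    private_key_for_upload: Optional[bytes] = None
    if slot.can_generate_private_keys:
        request = slot.create_signing_request(regenerate_private_key=True)
        steps.append("CreateSigningRequest")
    else:
        # CreateSigningRequest is skipped; the CertificateManager generates the PrivateKey
        # on behalf of the Server and builds the request from the existing field values.
        assert slot.certificate is not None
        request = {"subject": slot.certificate.subject,
                   "dns_names": slot.certificate.dns_names,
                   "new_key": True}
        private_key_for_upload = b"<constructed PrivateKey bytes>"
        steps.append("CertificateManagerGeneratesPrivateKey")

    issued = issue_certificate(request["subject"], request["dns_names"])
    steps.append("RequestCertificateFromIssuer")

    apply_required = slot.update_certificate(issued, private_key_for_upload)
    steps.append("UpdateCertificate")
    if apply_required:
        steps.append("ApplyChanges")

    return {"steps": steps, "uploaded_private_key": private_key_for_upload is not None}
```

The `uploaded_private_key` flag in the result is the point a defender should watch: whenever the Server cannot generate its own PrivateKey, the key leaves the CertificateManager over the Session, so that path deserves stricter transport and audit requirements than the Server-generated one.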