Renewing Certificates for the SubsystemsChapter 14 Managing CMS Keys and Certificates 4792. Ensure that the CA that signed the Registration Manager’s certificate is in thetrust database of the subsystem.When a Registration Manager does SSL client authentication using its renewedcertificate, the subsystem, as a part of validating the certificate presented by theRegistration Manager, checks its trust database for the CA (certificate) thatsigned the Registration Manager’s renewed certificate. If the subsystem doesnot find the CA as a trusted CA in its trust database, it rejects the RegistrationManager.For instructions on checking the trust database of a subsystem, see “Viewingthe Certificate Database Content” on page 482.m If you don’t find the CA certificate, add it to the database as a trusted CA.For instructions on adding a CA certificate to the trust database of asubsystem, see “Installing a New CA Certificate in the CertificateDatabase” on page 487.m If you find the CA certificate, verify its trust status. If it is untrusted,change the status to trusted. For instructions on changing the trust settingof a CA certificate, see “Changing the Trust Settings of a CA Certificate” onpage 485.Deploying Data Recovery Manager’s Renewed Transport CertificateBecause clients capable of generating dual key pairs use the transport certificate forencrypting end users’ encryption private keys before sending them to the DataRecovery Manager, you must update the appropriate enrollment or key archivalpage to identify and use the renewed transport certificate. Otherwise, the DataRecovery Manager will fail to archive users’ encryption private keys.In general, here’s what you need to do:1. Locate the page that embeds the key archival feature.2. View the HTML source, and identify the parameter that corresponds to theData Recovery Manager’s transport certificate.The default enrollment forms for end users embed this feature. Figure 14-3shows the default directory-based user enrollment form with the transportcertificate-related information. (For more information, see “Step C. Customizethe Certificate Enrollment Form” on page 733.)