If you're setting up a new VA for an already existing PKI (with issued certificates), you should synchronize the new VA to the current state. To do this:
- In the CA UI, go to Peer Systems.
- Click Manage for the peer connector representing the VA and select the Certificate Data Synchronization tab.
- Configure the relevant subset of information to synchronize and click Start to initiate the synchronization as a background task. The progress can be followed either in this view or in the Peer Systems overview.
The connecting system needs to be authorized to the /peerincoming /peerpublish/readcert /peerpublish/writecert /ca/[CAName]
access rules to be able to check synchronization data and push missing or outdated certificate entries