When your CA-signed server certificate (public key and private key) expires, renew it by using this procedure.
Obtain an updated CA-signed server certificate from your Certificate Authority.
When you receive the updated certificate, stop the server instance and install the certificate.
$ dsadm stop instance-path $ dsadm renew-cert instance-path cert-alias cert-file
Restart the server instance.
$ dsadm start instance-path