When your CA-signed server certificate (public key and private key) expires, renew it by using this procedure.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Obtain an updated CA-signed server certificate from your Certificate Authority.
When you receive the updated certificate, stop the server instance and install the certificate.
$ dsadm stop instance-path $ dsadm renew-cert instance-path cert-alias cert-file
Restart the server instance.
$ dsadm start instance-path