These consolidated steps should help address this problem as noted in recent advisory quickly
On each of Provisioning Server (where you typically have imps-router DSA running):
On each of Provisioning Directory Server (where you typically have impd-main, impd-inc, impd-co and impd-notify DSAs running):
Now back to main topic:
Main docops link: https://docops.ca.com/ca-identity-manager/12-6-8/EN/upgrading/upgrade-provisioning-components/update-your-provisioning-certificates
TEC1561732 link: https://support.ca.com/us/knowledge-base-articles.TEC1561732.html
(Note - if you experience a broken docOps link in above tec doc, please go directly to
Update Your Provisioning Certificates - CA Identity Manager - 12.6.8 - CA Technologies Documentation )
attached both set (SHA-1 and SHA-2) of certs to this doc for easy access
For IDMGR 12.6.04 and above, one can follow what is provided in docops.
For IDMGR 12.6.01 to 12.6.03 same instructions that is available in docops + KB TEC1561732
This KB replaces the jiam.jar section that is mentioned in docops instructions.
For IDMGR 12.5.x use the attached SHA-1 signed certs + KB TEC1561732