Damm wrote: I could be wrong, but they are not actually used and are created simply for the sake of uniformity (AG means auto-generated)
That is correct; here is what Novell itself writes:
NOTE: PKIDIAG will update the certificate information for the SSL Certificate DNS, and SSL Certificate IP objects associated with your servers. The IP AG certificate for your server, which is created by default during a server install, will not be updated. That certificate was created but not used for any purpose (by default) and can simply be deleted. Other Certificates you create manually, or for other purposes, such as through the Novell Identity Manager eDirectory Driver Certificate Wizard, will not be updated as well, you will need to delete them and create them as needed to get the new certificate information from your newly created Certificate Authority object.
NOTE: Server certificates that have been signed by an external CA such as VeriSign will continue to be valid and do not need to be replaced.
Taken from here: How do I move the Organizational CA to another server?