8. MSP admin rotation
When a MSP admin needs to be replaced, a new identity (that contains a new private key) has to be enrolled. However, in order to confirm the update, the old key (which is currently necessary until the transaction takes effect) has to be used for authentication reasons.
First, a new identity has to be created.
Rotate MSP Admin - Identity creation
Then the new identity just created must be used.
Navigate to Your MSP on the left panel of your dashboard and click on Edit on your MSP
Rotate MSP Admin - Edit MSP
Once in the Edit MSP menu, scroll down to Admin Identity Certificates and add the identity just created. check the box with the option to use this admin identity by default.
Rotate MSP Admin - Set new admin identity
From this moment on, both Identities are being used as admin identities as shown under the Admin certificates sections on your MSP.
The previous (old) identity can be thrown away using the newly created one as a single Admin identity.
Now we must revoke the previous one.
Navigate to CAs on the left panel, pick the Identity that is going to be revoked and execute the Revoke action for the old identity.
Rotate MSP Admin - Revoke old certificate