Digital certificate management system, digital certificate management apparatus, digital certificate management method, update procedure determination method and program

  • US 20060036850A1
  • Filed: 10/25/2005
  • Published: 02/16/2006
  • Est. Priority Date: 06/25/2003
  • Status: Active Grant
First Claim

1. An update procedure determination method that, in a client/server system constructed by nodes (one or more clients and one or more servers) that perform communications with each other over a communication channel established based on mutual authentication using digital certificates, determines an update procedure for updating, by a digital certificate management apparatus capable of communicating with each of the nodes, a key that is a certification key for verifying a digital certificate used for the mutual authentication by each of the nodes constructing the client/server system, and stored in each of the nodes that become communication parties of the node,

wherein the digital certificate management apparatus determines the update procedure such that the update procedure includes a step of transmitting a new certification key for updating and/or a new certificate to each of the nodes that are target nodes and performing mutual authentication using a certification key to be updated based on information of each of the nodes, the information including a communication party of the node, whether the node functions as a client or a server with respect to the communication party, and a certification key used when performing the mutual authentication with the communication party,

wherein, when determining the update procedure, a step of creating an order to perform the step of transmitting the new certification key for updating and/or the new certificate on each of the nodes that are the target nodes is performed, and

wherein, in the step of creating the order, one of the nodes that are the target nodes is first added to the order, each node that is added to the order is then sequentially taken as a node of notice, and when there is a node that is a communication party performing mutual authentication using the certification key to be updated with the node of notice and is not added to the order, it is determined for each communication party whether the node of notice functions as a client or a server when communicating with the communication party, and when the node of notice functions as the client, the communication party is added to the order such that the communication party is later than the node of notice, and when the node of notice functions as the server, the communication party is added to the order such that the communication party is earlier than the node of notice.
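The order-creation step of claim 1, written out as an added example (not code from the patent or its applicant). The node names, key labels, the `NODES` layout and both function names are constructed for illustration; the claim only requires "later" or "earlier" than the node of notice, and placing the party immediately next to it is a choice made here.

```python
from collections import deque

# Constructed sample. node -> [(communication party, role of this node toward
# that party, certification key used for mutual authentication with it)]
NODES = {
    "client-a": [("server-1", "client", "root-old")],
    "client-b": [("server-1", "client", "root-old"),
                 ("server-2", "client", "root-old")],
    "server-1": [("client-a", "server", "root-old"),
                 ("client-b", "server", "root-old")],
    "server-2": [("client-b", "server", "root-old"),
                 ("client-c", "server", "root-other")],
    "client-c": [("server-2", "client", "root-other")],
}

def create_update_order(nodes, key_to_update, first_node):
    """Order in which target nodes are sent the new key and/or certificate."""
    order = [first_node]            # one target node is added first
    pending = deque([first_node])   # added nodes, taken in turn as node of notice
    while pending:
        notice = pending.popleft()
        for party, role, key in nodes[notice]:
            if key != key_to_update or party in order:
                continue            # uses another key, or is already placed
            pos = order.index(notice)
            if role == "client":    # node of notice is the client: party goes later
                order.insert(pos + 1, party)
            elif role == "server":  # node of notice is the server: party goes earlier
                order.insert(pos, party)
            else:
                raise ValueError(f"unknown role {role!r} for {notice}")
            pending.append(party)
    return order

def clients_precede_servers(nodes, key_to_update, order):
    """Check the result: on every link using the key, the client comes first."""
    return all(order.index(node) < order.index(party)
               for node in order
               for party, role, key in nodes[node]
               if key == key_to_update and role == "client")

if __name__ == "__main__":
    result = create_update_order(NODES, "root-old", "server-1")
    print(result)
    print(clients_precede_servers(NODES, "root-old", result))
```

`client-c` is left out of the order because its only link uses a different certification key, so it is not a target node for this update.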
