CAPF is only used in a mixed-mode cluster where you are using a CTL file and doing authentication or encryption with endpoints and trunks. If your cluster shows Cluster Security Mode = 0 under System > Enterprise Parameters, then you are not doing this and the CAPF process is irrelevant. In that case, it shouldn't even be activated in fact.
If you are running in mixed mode then you need to proceed far more cautiously. This is the certificate that signed all endpoint LSCs and needs to be very carefully replaced. The Security Guide would be a good place to start understanding this feature.