Thanks for the help, i will start a new CA as soon as posible. How long expiration time should be ok for a corporate ca cert, 20 or 30 years?
Seems that verisign and entrust use 20 or 30 years for their ca certs. Thanks again, Jaime. On Mon, 25 Oct 2004 14:58:54 +0200, Oliver Welter <[EMAIL PROTECTED]> wrote: > Hi Jaime, > > > Were is 0.9.2 as stable? i see it on snapshots but not in releases > > We are moving the website and the whole management stuf currently - sorry... > You have to checkout the Branch release vom CVS > cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/openca co -r > openca_0_9_2_0 openca-0.9 > > I hope we can release a tar file this week.... > > > Also i cannot setup a new ca, because i still need to maintain issued > > certificates, there isnt a way to maintain both? as is said here? > > You have to keep two systems up and running, but you have to do so > always, because you must keep your old keys to sign CRLs and process > revokes (most applications require that the crl is signed with the same > key than the certificate itself) > Reusing the keys is a security riks and can lead to confusion with some > applications when two certificates with the same key appear - the only > possilbe solution (I know of) is to reuse the keys and issue a > certificate with the same DN - but this is NOT advisable from a security > point of view.... > > > > Oliver > > -- > Diese Nachricht wurde digital unterschrieben > oliwel's public key: http://www.oliwel.de/oliwel.crt > Basiszertifikat: http://www.ldv.ei.tum.de/page72 > > > ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
