IMHO I should be able to create a new certificate up to 1 year prior to expiration of the old one and during the overlap period, ROAs signed using either certificate should validate.
Owen > On Nov 1, 2017, at 19:12, Mark Kosters <[email protected]> wrote: > > Hi Andrew > > That was a good question – one that merited a bit of research on our part. > Here’s what we have. > > Yes, ROAs can not be created with dates past the expiration of the hosted > certificate. > > As for what to do when the time approaches where the hosted cert needs to be > renewed, we are wondering what you (and others) would prefer as a way going > forward? > > Thanks, > Mark > > On 10/23/17, 9:48 AM, "arin-tech-discuss on behalf of Andrew Gallo" > <[email protected] on behalf of [email protected]> wrote: > > Greetings: > > A question came up at an Internet2 meeting concerning hosted RPKI. > Specifically- what happens at the expiration of the Hosted Certificate? > > I see that the hosted certificate has a 10-year validity period, and > ROAs can not be created with dates past the expiration of the Hosted > Certificate. > > When the expiration of this certificate is approaching, what is the > procedure? Do we need to re-request Hosted Access? Regenerate ROAs? > Will there be an overlap period where both the expiring and new > certificates & ROAs will both be valid (to avoid any gaps in coverage)? > > Thank you. > > _______________________________________________ > arin-tech-discuss mailing list > [email protected] > http://lists.arin.net/mailman/listinfo/arin-tech-discuss > > > _______________________________________________ > arin-tech-discuss mailing list > [email protected] > http://lists.arin.net/mailman/listinfo/arin-tech-discuss _______________________________________________ arin-tech-discuss mailing list [email protected] http://lists.arin.net/mailman/listinfo/arin-tech-discuss
