> Sounds like we either tear out our entire PKI infrastructure and start
> again, or I have to bring up a RA... Well, that's a hard choice ;-/

Just a thought: I think it should be possible for you to create a "second" CA certificate with id 1, sign it with your first CA, and use that second CA to sign Cisco's certs; that way the chain is preserved and everyone is happy. Then you can start moving away from the initial CA at your pace.

Carlos
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
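
The chain suggested in the reply above, sketched with the OpenSSL command line as an added example (not part of the original message or of mod_ssl). All subject names, file names, serial numbers and lifetimes are constructed, and the "id 1" requirement is not modelled here.

```shell
# Added example: constructed names and throwaway keys, not from the thread.
# Chain: first CA -> second CA -> device certificate, checked with openssl verify.
build_chain() (
    mkdir -p "$1" && cd "$1" || exit 1
    # Own config, so nothing depends on the system openssl.cnf.
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = placeholder
[root_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[sub_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[device]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
EOF
    req="openssl req -newkey rsa:2048 -nodes -sha256 -config pki.cnf"
    sign="openssl x509 -req -sha256 -days 30 -extfile pki.cnf"
    # 1. Stand-in for the existing first CA (self-signed).
    $req -x509 -days 30 -extensions root_ca -subj "/CN=Example First CA" \
        -keyout first-ca.key -out first-ca.crt 2>/dev/null || exit 1
    # 2. Second CA: new key, CSR signed by the first CA as a CA certificate.
    $req -subj "/CN=Example Second CA" -keyout second-ca.key -out second-ca.csr 2>/dev/null || exit 1
    $sign -in second-ca.csr -CA first-ca.crt -CAkey first-ca.key \
        -set_serial 100 -extensions sub_ca -out second-ca.crt 2>/dev/null || exit 1
    # 3. Device certificate issued by the second CA.
    $req -subj "/CN=router1.example.test" -keyout device.key -out device.csr 2>/dev/null || exit 1
    $sign -in device.csr -CA second-ca.crt -CAkey second-ca.key \
        -set_serial 200 -extensions device -out device.crt 2>/dev/null || exit 1
)

# Relying party trusting only the first CA, given the second CA as intermediate.
verify_via_first_ca() {
    openssl verify -CAfile "$1/first-ca.crt" -untrusted "$1/second-ca.crt" \
        "$1/device.crt" >/dev/null 2>&1
}

# Same relying party without the second CA certificate: no chain can be built.
verify_without_second_ca() {
    openssl verify -CAfile "$1/first-ca.crt" "$1/device.crt" >/dev/null 2>&1
}

# After migration: relying party that trusts the second CA directly.
verify_via_second_ca() {
    openssl verify -partial_chain -CAfile "$1/second-ca.crt" "$1/device.crt" >/dev/null 2>&1
}
```

After sourcing the file, `build_chain ./demo && verify_via_first_ca ./demo` exercises the chain. The second check shows why every relying party that still anchors on the first CA must also be handed the second CA certificate.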