Chris Covell wrote: > Guys, I have just been checking my certifciates and noticed that the CA > certificate's CRL distribution point is "localhost". I presume that this is > because I have got the initial configure file to install the web components > to localhost as this is a stand alone machine.
AGAIN: --*-host etc. is the public server at every time. All links in the CA are relative so if you enter a hostname then it is at every time the public server! The links don't need the servername. > Is there any way i can reissue the CA certifciate (after modifying the CA > extension file) without completely trashing the environment ? I realise that > I will have to republish the CA cert to the RA web server and get my users to > go and get the new cert again but will I have to issue new user certificates > ? If you don't touch the DN of the root-cert, the keypair of the root-cert and the other data (especially the serial of the CA-cert) which you stored in the user-cert then you can renew the CA-cert. But test this with one user first before you start doing this. Michael P.S. I think the CRLDistributionPoints of the user-certs are wrong too, right? -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org ------------------------------------------------------- This sf.net email is sponsored by: viaVerio will pay you up to $1,000 for every account that you consolidate with us. http://ad.doubleclick.net/clk;4749864;7604308;v? http://www.viaverio.com/consolidator/osdn.cfm _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
