Nuno Miguel Neves wrote:
Hi.
When the root CA certificate expires, how is the PKI maintained? Is it
necessary to recreate ALL certificates?
If that is the case, it is preferable to issue the root CA with a long
life( 30 years), right?
This has to be thought of in the first place, for defining the root CA
lifetime.
there is quite a good redbook from ibm for this pki diskussion in
generel, it also discusses the timing-problems... for certs and
especially, for timeperiods of keeping private or private/public key
pairs... there is a neat figure in the document...
you will find it here:
chapter 4.1.5 Certificate and key lifetimes
the topic is discussed in very detailed...
figures 17 and 18 are summerising the things a litte
but just reading the whole chapter would be a good idea
also worth taking a look is chapter
3.6 The Certificate Lifecycle
source:
Deploying a Public Key Infrastructure
http://www.redbooks.ibm.com/redbooks/pdfs/sg245512.pdf
greetings
dalini
-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
