On Wed, Mar 10, 2004 at 09:51:17AM +0100, Michael Bell wrote: > Date: Wed, 10 Mar 2004 09:51:17 +0100 > From: Michael Bell <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: [Openca-Users] when the CA changes of key...... > > Pedro Jossi wrote: > > > >Hello to all! > > > >I consult them when the CA changes of key. ... > > > >It is possible with Openca to generate a new certificate for the CA > >before expire its old certificate, utilizing a new pair of keys? > >Leaving the certificate CA old for the firm of CRLs while certificates > >exist emitted with the old certificate > > You perfectly describes a new CA :) If you change the keys and the CA > certificate the you have a new CA. Please setup a new OpenCA in this > case. We do this too. > > You will have two CA in your case. One only issues CRLs and one issues > new certificates and CRLs. Please seperate these two systems. Don't mix > keys or certificates of different CAs in one system. It is no problem to > setup a second CA with OpenCA because OpenCA has not to be licensed :)
Does it mean to install a complete new PKI? Or ra and pub nodes should be pointed to the new CA? In the second case, how Cert. distribution points coexist? -- Alexei Chetroi ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
