You will have two CAs in your case. One only issues CRLs and one issues new certificates and CRLs. Please separate these two systems. Don't mix keys or certificates of different CAs in one system. It is no problem to set up a second CA with OpenCA because OpenCA does not have to be licensed :)
Does it mean installing a completely new PKI? Or should the RA and pub nodes be pointed to the new CA? In the second case, how do the cert. distribution points coexist?
Yes, it means that you have to set up a completely new PKI. You can install the new interfaces on the same machine of course, but I cannot recommend mixing certificates of two hierarchies in one interface, and you should never issue certificates with the same serials as the old infrastructure.
Michael
--
Michael Bell                     Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice   Tel.: +49 (0)30-2093 2482
(Computing Centre)               Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                     Email (private): [EMAIL PROTECTED]
Germany                          http://www.openca.org
