On Wed, 10 Mar 2004, Michael Bell wrote: > Alexei Chetroi wrote: > > > Does it mean to install a complete new PKI? Or ra and pub nodes should > > be pointed to the new CA? In the second case, how Cert. distribution > > points coexist? > > Yes, it means that you hav to setup a complete new PKI. You can install > the new interfaces on the same machine of course but I cannot recommend > to mix certificates of two hierarchies in one interface and you should > never issue certificates with the same serials like the old infrastructure.
Can one configure the initial serial number somewhere in order to avoid reusing serials? What about the CRL distribution points? Should one introduce new CRL distribution URIs for the new CA? How could it be gracefully handled in LDAP? Best regards, Jozsef -- E-mail : [EMAIL PROTECTED], [EMAIL PROTECTED] PGP key: http://www.kfki.hu/~kadlec/pgp_public_key.txt Address: KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
