Hi,
Now the
validity of my root Certificate ends and I dont want to completely
reset
the CA/RA.
The question is : Is it possible to simply create a new certificate
request from the existing root certificate, selfsing it, and
install it
as new root certificate?
I don't know what side effects this would have on the existing
installation.
Expect problems.
If yes : I think I will have to install the new root certificate and
the crl on my Apache, but will my old SSL Client certificates still be
valid for authentification if I have two root certificates in my
ca-bundle file containing the same subject?
If this idea is possible, what is the easiest way to do that?
You can add any number of trusted roots into the Apache CA bundle,
all hierarchies below the trusted roots will then be accepted by
mod_ssl.
CA Rollover is a tricky thing. During the last OpenCA workshop I held
a presentation about the topic, it might help you. The slides are
available online.
cheers,
Martin
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
