Yihua Zheng wrote:
Thanks Til,I test renew certificate.But is can not read the old email
that that encrypted with the old certificate.But I am not confirm this
result,so I email to you to see if you do this before.-:).
I think it is can't work now.but I think this problem is not come from
the renew certificate itself.Because the email that encrypted by the
renew certificate can by read use the old key.I think the problem comes
from email client,just like outlook,when outlook decrypte email.He want
to find the certificate that encrypted this email.but can't find,so it
can't decripted this email.But I don't comfirm my guess is right.-:)
Best Regards.
2006/5/29, Obes, Til <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>:
> I have a question about the you renew certificate, when you
> use the renew certificate and delete the expired certificate
> (or old certificate), can you see the old email that encrypted
> with the old certificate? thanks!
That is exactly the reason why you want either to backup your old keys
or use a repository for the old keys.
Imagine you sign a contract with a key, revoke the certificate and
delete the key. You contactor cold never prove the authenticity and
integrity of the contract.
I have read that there are even laws for that (at least here in germany)
to store all old keys ever issued to customers/clients for several
(maybe 10 or 20 ?) years.
It seems that openCA doesn't support backup of old keys, but you can put
them away through other means. I will choose subversion for that,
correlating svn revision number with certificate/key serial number
somehow. But I am at the very beginning with OpenCA.
Greetings,
Robert
-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
