Yildirim Zaynal wrote:
> Dear all,
>
> Current situation:
> OpenCA version 0.9.2.5
> CA: using private key of 4096 bits.
>
> Issue: Some applications don't support 4096-bit key lengths => want to
> sign certificates with a 2048-bit CA key.
>
> Question: I don't want to install another OpenCA server, and I want to
> use the same database for the certificates so that everything is more
> clean and consistent. Is it possible to change the CA (the public key
> & private key) without any problems?
>

The Certification Authority is the central pole of stability of any Public Key Infrastructure, so it cannot be changed. Neither the public nor the private key can be changed. Even the self-signed certificate must be issued for the expected duration of the installation.

So the only way to get the change you want is to erase the existing CA and build a new one from scratch. The solution is very severe!!! In addition, care must be taken over how to deal with the already issued certificates.

As an alternative, you may imagine creating on the same a new sub-CA with a key of the right key length. However, since the sub-CA certificate must be signed by the root CA, the problem of key length then arises when checking the sub-CA certificate.

IMHO you should check very carefully whether your applications cannot be parametrized so that they recognize the existing key.

I hope this helps

Dominique

> Or is it possible to have 2 private keys and choose which one to sign
> with using OpenCA?
>
> Any comments/ideas are welcome.
>
> Kind regards,

--
Dr Dominique LOHEZ
ISEN
41, Bd Vauban
F59046 LILLE
France
Phone : +33 (0)3 20 30 40 71
Email: dominique.lo...@isen.fr

_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
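
The sub-CA alternative discussed in the reply above, as an added example that is not part of the original thread and is not OpenCA's own tooling: it builds a throwaway 4096-bit root, a 2048-bit sub-CA and a leaf with the openssl CLI, then reports the key size at each level of the chain. All subject names, file names and the helper functions `key_bits`, `largest_key`, `build_chain` and `verify_leaf` are constructed for illustration.

```sh
#!/bin/sh
# Added example: throwaway hierarchy; every name and path here is constructed.

# RSA public-key size, in bits, of a PEM certificate.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Largest key among the given certificates, i.e. what a chain validator must handle.
largest_key() {
    max=0
    for cert in "$@"; do
        bits=$(key_bits "$cert")
        if [ "$bits" -gt "$max" ]; then max=$bits; fi
    done
    echo "$max"
}

# Build root (4096-bit) -> sub-CA (2048-bit) -> leaf (2048-bit) in directory $1.
build_chain() {
    d=$1
    cnf="$d/demo.cnf"
    printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$cnf"
    openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days 30 \
        -config "$cnf" -extensions v3_ca -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$cnf" \
        -subj "/CN=Demo Sub CA" -keyout "$d/sub.key" -out "$d/sub.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/sub.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -sha256 -days 30 -extfile "$cnf" -extensions v3_ca \
        -out "$d/sub.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$cnf" \
        -subj "/CN=leaf.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/sub.crt" -CAkey "$d/sub.key" \
        -CAcreateserial -sha256 -days 30 -out "$d/leaf.crt" 2>/dev/null
}

# Succeeds only if the leaf validates up to the root through the sub-CA.
verify_leaf() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/sub.crt" "$1/leaf.crt" >/dev/null 2>&1
}

dir=$(mktemp -d)
build_chain "$dir" && verify_leaf "$dir" &&
    for c in root sub leaf; do
        echo "$c: $(key_bits "$dir/$c.crt")-bit key"
    done
rm -rf "$dir"
```

The leaf and sub-CA carry 2048-bit keys, but the sub-CA certificate is signed with the root's 4096-bit key, so `largest_key` over the full chain still returns 4096.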