Hi Frank,

this is actually a design feature. We think that automatically deleting the CA key from the Web interface is *extremely* risky. So, in case you need to do it, you have to actively go into the private key's directory and manually remove it.

It might be easier to allow that from the CA web interface, but the damages coming from deleting a CA's private key outweigh the usability issue here (especially when someone new is taking over an existing / running PKI). So, long story short, I don't think we'll be changing this feature soon unless there's a strong reason to do so :D

Cheers,
Max

On 03/09/2011 05:59 AM, Frank, Petric (Petric) wrote:
Hello,

If you do a Re-Init of the Database (Web-GUI: PKI Init & Config -> Initialization -> DB, Key and Cert Init -> Re-Init Database (destroys current DB)), the CA key still remains on the disk. It is not possible (I haven't found a way) to re-use the CA-Key. You can create a new CSR for the key, but the generation of the cert fails because the system tells me that there is already one.

I think the CA-tree should also be re-initialized (incl. delete of CA-Key, Cert, CSR), right?
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users