Hi

On Thu, Jul 22, 2021 at 9:10 PM Joe Patterson <j.m.patter...@gmail.com> wrote:
> Or, make a new ca.crt file with both the old and new ca certs, no
> cross-signing required. Deploy to server, then to clients, so that
> both server and clients trust both CA's. Then update the client certs
> one by one to the new CA. Then update the server cert to the new CA.
> Then deploy a ca.crt with only the new CA cert.
>

This requires two rounds of client updates. But simpler than cross-signing.

Selva
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
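
The rollover order discussed in this thread, as an added example that is not part of the original messages: it builds two throwaway CAs and shows which client certificates verify against the old ca.crt, the combined ca.crt, and the new-only ca.crt. All file and certificate names are constructed, and it assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Constructed demo: every name, key and certificate here is a throwaway.
set -eu

# Minimal config so the CA certs carry CA:TRUE whatever the system default is.
write_cfg() {
  printf '%s\n' '[req]' 'distinguished_name = req' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
    'keyUsage = critical,keyCertSign,cRLSign' > demo.cnf
}

make_ca() {   # $1 = CA name -> $1.key and self-signed $1.crt
  openssl req -x509 -config demo.cnf -extensions v3_ca -newkey rsa:2048 \
    -nodes -days 30 -subj "/CN=$1" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue() {     # $1 = CA name, $2 = leaf name -> $2.crt signed by $1
  openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

verdict() {   # $1 = CA file, $2 = cert -> prints ok or FAIL
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    printf ok
  else
    printf FAIL
  fi
}

rollover_matrix() {
  (
    d=$(mktemp -d); cd "$d"
    write_cfg
    make_ca old-ca; make_ca new-ca
    issue old-ca client-old                # client not yet reissued
    issue new-ca client-new                # client already moved to the new CA
    cat old-ca.crt new-ca.crt > both.crt   # the transitional ca.crt
    for ca in old-ca both new-ca; do
      echo "$ca: client-old=$(verdict "$ca.crt" client-old.crt)" \
           "client-new=$(verdict "$ca.crt" client-new.crt)"
    done
    cd /; rm -rf "$d"
  )
}

rollover_matrix
```

The new-only row shows why the final ca.crt can go out only after every client and the server cert have been reissued: a peer still holding an old-CA certificate stops verifying at that point.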