On 15.08.2017 19:47, Viktor Dukhovni wrote: > The hardest part is making sure you still have a copy of all the > authorized public keys or certificates, so that you can compute a > new digest.
I am dealing with approximately a dozen certificates, most of them for server-to-server communication. Turns out that the small number of end user certificates, which are used in addition to this dozen, will expire in a few weeks anyway, and rolling out new certs will be an opportunity to switch the digest algorithm. -Ralph
