Re: Generic question on CRL use

2008-06-16 Thread Patrick Patterson
On June 16, 2008 12:46:56 pm Gilles Cuesta wrote:
> 2008/6/16 Michael Ströder <[EMAIL PROTECTED]>:
> > Gilles Cuesta wrote:
> >> So, at a time, we have 2 ClientCA with different key and different
> >> validity period, but same DN.
> >
> > This is bad practice. Try searching for "CA key roll-over".

Re: Generic question on CRL use

2008-06-16 Thread Michael Ströder
Gilles Cuesta wrote:
> 2008/6/16 Michael Ströder <[EMAIL PROTECTED]>:
>> Gilles Cuesta wrote:
>>> So, at a time, we have 2 ClientCA with different key and different
>>> validity period, but same DN.
>>
>> This is bad practice. Try searching for "CA key roll-over".
>
> I found docs about it, but proprietary PKI, an

Re: Generic question on CRL use

2008-06-16 Thread Gilles Cuesta
2008/6/16 Michael Ströder <[EMAIL PROTECTED]>:
> Gilles Cuesta wrote:
>>
>> So, at a time, we have 2 ClientCA with different key and different
>> validity period, but same DN.
>
> This is bad practice. Try searching for "CA key roll-over".

I found docs about it, but proprietary PKI, and couldn't k

Re: Generic question on CRL use

2008-06-16 Thread Michael Ströder
Gilles Cuesta wrote: So, at a time, we have 2 ClientCA with different key and different validity period, but same DN. This is bad practice. Try searching for "CA key roll-over". The problem is, when verifying client cert work with both ClientCA stacked; but when using CRL, old clients work on