It depends on what you've told your clients to verify. We have our
clients verify both the CA *and* CommonName (as should be done by
all :)). We just renewed our cert several months ago with no issue
whatsoever, and no one outside central IT even knew it was done (or
needed to for that matter). Its no different than renewing a web
server cert in that regard... if you're just renewing it, then the CA
signature, issuer, and CN/subject will continue to match what the
client knows about, and all that should have changed is the
certificate serial number and validity dates.
--Mike
On May 3, 2007, at 7:00 PM, Julian Y. Koh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Our SSL cert for our RADIUS server is expiring soon. We've got a
renewed
certificate all set to load up, but I was wondering how clients
behave when
presented with the new cert if they've already set up their
supplicants to
accept the original one. Will users be asked to approve the new
cert just
like when they first set things up? Or will their supplicants
recognize that
all that has changed is the expiration date and automatically
accept it?
We're trying to gauge how much notification we need to do about
this change
to the user community.
Thanks!!
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.0 (Build 214)
Comment: <http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
wj8DBQFGOneYDlQHnMkeAWMRAtecAJ9cBg8DoJCujR+kcbObCrYb8ro3BgCgrtuX
L6Cfoi8vOZgdVXUo6RcaGjY=
=a65Y
-----END PGP SIGNATURE-----
--
Julian Y. Koh
<mailto:[EMAIL PROTECTED]>
Network Engineer <phone:
847-467-5780>
Telecommunications and Network Services Northwestern
University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/
pgppubkey.html>
**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://
www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
