[TriLUG] openssl - expired root cert
Kevin Miller
kevinm at gmail.com
Thu Sep 30 11:12:22 EDT 2004
> Now that it has expired what do I do?
> I know I can throw out the old and create a new ca cert, but that seems a
> bad move since I have numerous host certs in use which have been signed by
> this ca. What is the right way to handle this?
That's basically the solution. Generally CA certs are issued for
multiple years. If you issue 1 year host certs, you start signing host
certs with a new CA cert when the old CA cert has 1 year left to live.
-Kevin
More information about the TriLUG
mailing list