[TriLUG] openssl - expired root cert
Ryan Leathers
Ryan.Leathers at globalknowledge.com
Thu Sep 30 11:59:48 EDT 2004
ugh !
Well, bad news is better than no news. Thanks Kevin.
-----Original Message-----
From: Kevin Miller [mailto:kevinm at gmail.com]
Sent: Thursday, September 30, 2004 11:12 AM
To: Triangle Linux Users Group discussion list
Subject: Re: [TriLUG] openssl - expired root cert
> Now that it has expired what do I do?
> I know I can throw out the old and create a new ca cert, but that seems a
> bad move since I have numerous host certs in use which have been signed by
> this ca. What is the right way to handle this?
That's basically the solution. Generally CA certs are issued for
multiple years. If you issue 1 year host certs, you start signing host
certs with a new CA cert when the old CA cert has 1 year left to live.
-Kevin
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
More information about the TriLUG
mailing list