Expiring CA ??
Hello,
We have a internal web server running apache with ssl. We have setup our own CA and have used it to sign certs for other internal web servers. Our CA expires in Jan 2005 :( What is the best way to handle this ? Do I just simple make a new CA using the same key files ?? with a new expire date and hand it out to the desktops ? Do I need to make new certs for the sites and sign them with the new CA ? Michael. |
Re: Expiring CA ??
Quote:
My advice. Make a new CA Cert then make new certs for the sites and sign them with the new CA. I would never suggest you use the same key files. Generate new (memory getting foggy) RSA pub/priv keys. Assuming you are using RSA based certs. There is also DSA but I don't think this is mainstream except maybe in government. -b |
All times are GMT -5. The time now is 12:00 AM. |