LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

11-19-2004, 02:52 PM   #1
michael_util
Member
 
Registered: Feb 2004
Posts: 47

Rep: Reputation: 15
Expiring CA ??


Hello,

We have an internal web server running Apache with SSL. We have set up our own CA and have used it to sign certs for other internal web servers.

Our CA expires in Jan 2005. What is the best way to handle this?

Do I just simply make a new CA using the same key files, with a new expiry date, and hand it out to the desktops?

Do I need to make new certs for the sites and sign them with the new CA?

Michael.
 
11-19-2004, 03:14 PM   #2
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zaurus rom 3.13
Posts: 98

Rep: Reputation: 15
Re: Expiring CA ??

I'm not a CA expert, but it's been my understanding that any cert that is signed by a CA goes poof if the CA cert expires. The clients can still accept it, I believe, but the certs will be identified as invalid.

My advice: make a new CA cert, then make new certs for the sites and sign them with the new CA.

I would never suggest you use the same key files. Generate new (memory getting foggy) RSA pub/priv keys, assuming you are using RSA-based certs. There is also DSA, but I don't think this is mainstream except maybe in government.

-b
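
The two options asked about in this thread can be compared with the openssl CLI. This is an added example, not part of either post: the CA and server names, file names and validity periods are constructed, and `openssl verify -attime` is used to check the chain 60 days ahead, after the original CA certificate has expired.

```shell
#!/bin/sh
# Added example with constructed names; assumes the openssl CLI is installed.
CA_SUBJ="/CN=Example Internal CA"       # placeholder CA name
SRV_SUBJ="/CN=www.internal.example"     # placeholder server name

# build_pki DIR: create the expiring CA, one server cert, and both replacement CA certs.
build_pki() (
    cd "$1" || exit 1
    exec 2>/dev/null                    # silence key-generation progress output
    # Original CA: valid 30 days. Server cert: valid 365 days, signed by it.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca_old.pem \
        -subj "$CA_SUBJ" -days 30 &&
    openssl req -newkey rsa:2048 -nodes -keyout srv.key -out srv.csr \
        -subj "$SRV_SUBJ" &&
    openssl x509 -req -in srv.csr -CA ca_old.pem -CAkey ca.key -set_serial 1 \
        -days 365 -out srv.pem &&
    # Option A: new CA certificate over the SAME key and subject, later expiry.
    openssl req -x509 -new -key ca.key -out ca_renewed.pem \
        -subj "$CA_SUBJ" -days 3650 &&
    # Option B: new CA certificate over a NEW key, same subject.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca_new.key \
        -out ca_rekeyed.pem -subj "$CA_SUBJ" -days 3650
)

# chain_ok DIR CAFILE EPOCH: true if srv.pem validates against CAFILE at time EPOCH.
chain_ok() {
    openssl verify -attime "$3" -CAfile "$1/$2" "$1/srv.pem" >/dev/null 2>&1
}

# report DIR: print the outcome for each CA certificate, now and 60 days from now.
report() {
    now=$(date +%s)
    later=$((now + 60 * 86400))         # old CA cert expired, server cert still valid
    for ca in ca_old.pem ca_renewed.pem ca_rekeyed.pem; do
        for t in "$now" "$later"; do
            chain_ok "$1" "$ca" "$t" && r=valid || r=INVALID
            echo "$ca at +$(( (t - now) / 86400 ))d: $r"
        done
    done
}

PKI_DIR=$(mktemp -d) && build_pki "$PKI_DIR" && report "$PKI_DIR"
```

With option A the existing server certificate keeps validating once clients trust the renewed CA certificate, because the signing key and issuer name are unchanged. With option B, which the reply above recommends, the old server certificate no longer chains and every site certificate has to be reissued.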
 
  


All times are GMT -5.