LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   What to do with old/expired SSL Cert(s)? (https://www.linuxquestions.org/questions/linux-security-4/what-to-do-with-old-expired-ssl-cert-s-4175655320/)

Latitude 06-07-2019 08:14 AM
What to do with old/expired SSL Cert(s)?
 
What is a good practice of how to deal with old/expired SSL certs and private keys? Is it safe to delete them or should they be moved to an archive directory for any reason? I recently updated the SSL certificate for our organization's web site which was recently verified and signed by the CA. I've updated the certificate by changing the SSL configuration file /etc/httpd/conf.d/ssl.conf to point to the new certificate file, and restarting httpd. I left the old file there but I don't want to leave the old cert there if it shouldn't be. I no longer see a reason to keep the old certificate and would like to know how handle this in the wild. Thanks guys!

pan64 06-07-2019 09:04 AM
actually I can't find any reason to keep it. But probably someone knows...

RickDeckard 06-09-2019 06:32 PM
Add them to your CRL. You do have one of those, don't you?


All times are GMT -5. The time now is 11:58 PM.