-   Linux - Security (
-   -   What to do with old/expired SSL Cert(s)? (

Latitude 06-07-2019 09:14 AM

What to do with old/expired SSL Cert(s)?
What is a good practice of how to deal with old/expired SSL certs and private keys? Is it safe to delete them or should they be moved to an archive directory for any reason? I recently updated the SSL certificate for our organization's web site which was recently verified and signed by the CA. I've updated the certificate by changing the SSL configuration file /etc/httpd/conf.d/ssl.conf to point to the new certificate file, and restarting httpd. I left the old file there but I don't want to leave the old cert there if it shouldn't be. I no longer see a reason to keep the old certificate and would like to know how handle this in the wild. Thanks guys!

pan64 06-07-2019 10:04 AM

actually I can't find any reason to keep it. But probably someone knows...

RickDeckard 06-09-2019 07:32 PM

Add them to your CRL. You do have one of those, don't you?

All times are GMT -5. The time now is 02:14 PM.