[TriLUG] openssl - expired root cert

Ryan Leathers Ryan.Leathers at globalknowledge.com
Thu Sep 30 11:59:48 EDT 2004


ugh !

Well, bad news is better than no news.  Thanks Kevin.

-----Original Message-----
From: Kevin Miller [mailto:kevinm at gmail.com]
Sent: Thursday, September 30, 2004 11:12 AM
To: Triangle Linux Users Group discussion list
Subject: Re: [TriLUG] openssl - expired root cert


> Now that it has expired what do I do?
> I know I can throw out the old and create a new ca cert, but that seems a
> bad move since I have numerous host certs in use which have been signed by
> this ca.  What is the right way to handle this?

That's basically the solution. Generally CA certs are issued for
multiple years. If you issue 1 year host certs, you start signing host
certs with a new CA cert when the old CA cert has 1 year left to live.

-Kevin
-- 
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc



More information about the TriLUG mailing list