Fast response!  Thanks.

On Mon, Oct 27, 2008 at 4:49 PM, Victor Duchovni
<[EMAIL PROTECTED]> wrote:
> If you want to field a new root CA certificate, with a new subject ==
> issuer DN, all systems that trust the old CA cert will need to have the
> new CA cert added to the list of trusted root CAs so that new certificates
> you create can be verified.

Oh!  I just realized my problem is because I am still ignorant of how
SSL really works.  I thought that the CA had to be online at all
times, but I just shut off Apache and I am getting no SSL errors from
my clients.

So am I correct in assuming I can just shut down the old CA and start
up a new one?  I'll add the new CA cert to the list of trusted root
CAs through Active Directory.
-- 
Thanks,
Chris de Vidal


============================
You're a good person? Prove it and win:
TenThousandDollarOffer.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to