Fast response! Thanks. On Mon, Oct 27, 2008 at 4:49 PM, Victor Duchovni <[EMAIL PROTECTED]> wrote: > If you want to field a new root CA certificate, with a new subject == > issuer DN, all systems that trust the old CA cert will need to have the > new CA cert added to the list of trusted root CAs so that new certificates > you create can be verified.
Oh! I just realized my problem is because I am still ignorant of how SSL really works. I thought that the CA had to be online at all times, but I just shut off Apache and I am getting no SSL errors from my clients. So am I correct in assuming I can just shut down the old CA and start up a new one? I'll add the new CA cert to the list of trusted root CAs through Active Directory. -- Thanks, Chris de Vidal ============================ You're a good person? Prove it and win: TenThousandDollarOffer.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]