Just move the CA directory over and you'll be fine. X.509 certificates are designed for offline usage, rather than requiring a connection to the authenticator (the CA) at all times.
-Kyle H

On Mon, Oct 27, 2008 at 3:13 PM, Chris de Vidal <[EMAIL PROTECTED]> wrote:
> Fast response! Thanks.
>
> On Mon, Oct 27, 2008 at 4:49 PM, Victor Duchovni
> <[EMAIL PROTECTED]> wrote:
>> If you want to field a new root CA certificate, with a new subject ==
>> issuer DN, all systems that trust the old CA cert will need to have the
>> new CA cert added to the list of trusted root CAs so that new certificates
>> you create can be verified.
>
> Oh! I just realized my problem is because I am still ignorant of how
> SSL really works. I thought that the CA had to be online at all
> times, but I just shut off Apache and I am getting no SSL errors from
> my clients.
>
> So am I correct in assuming I can just shut down the old CA and start
> up a new one? I'll add the new CA cert to the list of trusted root
> CAs through Active Directory.
> --
> Thanks,
> Chris de Vidal
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
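
The two points made in this thread, as an added example that is not part of the original messages: a certificate keeps verifying after its CA's key is taken away, and certificates from a new root only verify once that root is in the client's trust list. The CA and host names (`old-ca`, `new-ca`, `www-old`, `www-new`) and the temporary directory are constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example with constructed throw-away CAs; every name here is made up.
set -u
WORK=$(mktemp -d)

# make_ca NAME: self-signed root certificate (subject == issuer) plus key.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue CA LEAF: create a key and CSR for LEAF, sign it with CA's key.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 30 -CA "$WORK/$1.crt" \
    -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/$2.crt" 2>/dev/null
}

# verifies TRUSTFILE LEAF: the client-side check, a local signature
# verification against a file of trusted roots. No CA key, no network.
verifies() {
  openssl verify -CAfile "$1" "$WORK/$2.crt" >/dev/null 2>&1
}

report() { if verifies "$1" "$2"; then echo "$2: OK"; else echo "$2: FAIL"; fi; }

make_ca old-ca
issue old-ca www-old
rm "$WORK/old-ca.key"                      # old CA "shut down": key is gone
report "$WORK/old-ca.crt" www-old          # verification needs only the cert

make_ca new-ca                             # new root, new subject/issuer DN
issue new-ca www-new
report "$WORK/old-ca.crt" www-new          # client that trusts only the old root

# Distribute the new root alongside the old one (the trust-list update).
cat "$WORK/old-ca.crt" "$WORK/new-ca.crt" > "$WORK/trust.pem"
report "$WORK/trust.pem" www-new
report "$WORK/trust.pem" www-old
```

Keeping the old root in the trust list is what lets certificates already issued by the old CA continue to verify until they expire.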