Hello, Last year we deployed a root and intermediary CA's to support a web service - We have now found some issues with the root CA and need to fix them. We have many clients in many organisations which have installed the old root cert - There is currently one service being verified by this root.
Is it possible to reissue the root and intermediate CA and have clients with both old and new root certificates installed work? More info about our setup. ~~~~~~~~~~~~~~~~ RootCA - 2 Problems: (Missing Key Usage Directive, AKI contains keyid, issuer ID, and Serial) Intermediate CA - Problems (MD5 signed) Final CA - Used to verify various I saw a recipe to reissue a root CA on this list - http://marc.info/?l=openssl-users&m=113292902213919&w=2 Now I'm going to test the following with our dev CA.... 1) Recreate root cert adding Key Usage directive and fixing AKI to have keyid only. 2) Create a new intermediate cert
