The X.509-canonical way to do this is to have the old trust anchor sign a new certificate containing the new public key, using the same Issuer name and a different AuthorityKeyIdentifier. This is called "key rollover", but it retains the security level of the old key (meaning, if the original trust anchor is a 1024-bit key, then when the original key is brute-forced it could sign an alternative rollover certificate).
-Kyle H

On Tue, May 27, 2014 at 8:58 AM, Sven Reissmann <s...@0x80.io> wrote:
> Hi,
>
> thank you all for the clarification. As most users do not have OpenSSL
> 1.0.2, this doesn't seem to solve my problem.
>
> What I want to achieve is having a new rootCA, which replaces an
> oldRootCA, which I am using until now.
>
> So far the trust chain is: oldRoot -> oldServerCert.
>
> What I thought should be possible is building this trust chain:
> oldRoot -> newRoot -> newSubCA -> newServerCert
>
> As users are trusting oldRoot, changing the oldServerCert to
> newServerCert is no problem. After some time, users would move trust to
> newRoot and I can "disable" oldRoot.
>
> This doesn't seem possible, if I understand your answers correctly.
>
> Is there another/better/default way of smoothly changing a trust anchor?
> I.e. by cross-signing the newRoot by itself and the oldRoot?
>
> Thanks, Sven.
>
> --
> PGP Key: https://0x80.io/pub/files/key.asc
> PGP Key Fingerprint: 2DF2 79CD 48DD 4D38 F0B6 7557 2E68 D557 49AA 1D99
>
> Note: I'll be transitioning away from this key in the near future.
>
> On 05/27/2014 05:16 PM, Dr. Stephen Henson wrote:
> > On Tue, May 27, 2014, Viktor Dukhovni wrote:
> >
> >> On Tue, May 27, 2014 at 03:44:46PM +0200, Sven Reissmann wrote:
> >>
> >>> But, shouldn't it also be possible to only verify the trust chain up to
> >>> the subCA (i.e., if I fully trust this CA)? I would have expected that
> >>> this will verify successfully:
> >>
> >> OpenSSL versions prior to 1.0.2 require that all trusted certificates
> >> be self-signed. In 1.0.2 it is possible to use X509_verify_cert()
> >> with a trust anchor that is not self-signed, but I don't recall
> >> whether this is possible through the CLI.
> >>
> >
> > It is with the -partial_chain option.
> >
> > Steve.
> > --
> > Dr Stephen N. Henson. OpenSSL project core developer.
> > Commercial tech support now available see: http://www.openssl.org
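The rollover Sven asks about and Kyle describes, carried out end to end with the openssl command line, as an added example that is not part of the original thread. It assumes a POSIX shell and an openssl binary (1.1.1 or later); every CA name, file name, hostname and key size is constructed for the demo. The new root is cross-signed by the old root (same subject and public key as the new self-signed root, issuer = old root), so a client that still trusts oldRoot validates server -> subCA -> cross-cert -> oldRoot, while a client that has moved to newRoot validates server -> subCA -> newRoot from the very same intermediates file.

```shell
#!/bin/sh
# Added example (not from the thread): roll over from an old root to a new
# root by cross-signing. All names, paths and key sizes are constructed.
set -e

# Minimal OpenSSL config used for every request and signature, so the demo
# does not depend on the system openssl.cnf. Subjects are given with -subj,
# which overrides the placeholder CN below.
write_config() {
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
subjectAltName = DNS:www.example.test
EOF
}

# self_signed BASE CN : new key BASE.key and self-signed CA cert BASE.crt
self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 -config ca.cnf \
    -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# newkey BASE : fresh RSA key BASE.key
newkey() { openssl genrsa -out "$1.key" 2048 2>/dev/null; }

# sign CA KEYBASE CN EXTSECTION OUTBASE : CSR from KEYBASE.key, signed by CA
sign() {
  openssl req -new -key "$2.key" -config ca.cnf -subj "/CN=$3" -out "$5.csr" 2>/dev/null
  openssl x509 -req -in "$5.csr" -CA "$1.crt" -CAkey "$1.key" -CAcreateserial \
    -days 825 -sha256 -extfile ca.cnf -extensions "$4" -out "$5.crt" 2>/dev/null
}

# Build both hierarchies in a scratch directory and verify the server cert
# from each trust anchor. Returns 0 only if every check behaves as expected.
rollover_demo() (
  set -e
  work=$(mktemp -d)
  cd "$work"
  write_config

  self_signed old-root "Example Old Root"   # anchor clients trust today
  self_signed new-root "Example New Root"   # anchor clients will trust later

  # Cross-certificate: the new root's subject and public key, issued by the
  # old root. This is Kyle's "key rollover" certificate; it is only as strong
  # as old-root.key.
  sign old-root new-root "Example New Root" v3_ca new-root-cross

  newkey sub-ca
  sign new-root sub-ca "Example Sub CA" v3_ca sub-ca
  newkey server
  sign sub-ca server "www.example.test" v3_server server

  # One intermediates file serves both kinds of client.
  cat sub-ca.crt new-root-cross.crt > intermediates.pem

  echo "client trusting only the old root:"
  openssl verify -CAfile old-root.crt -untrusted intermediates.pem server.crt
  echo "client trusting only the new root:"
  openssl verify -CAfile new-root.crt -untrusted intermediates.pem server.crt

  # Without the cross-certificate, the old anchor cannot reach the new hierarchy.
  if openssl verify -CAfile old-root.crt -untrusted sub-ca.crt server.crt >/dev/null 2>&1; then
    echo "unexpected: chain verified without the cross-certificate" >&2
    exit 1
  fi
  echo "as expected, the old root alone cannot verify the new chain"

  cd /
  rm -rf "$work"
)

if command -v openssl >/dev/null 2>&1; then
  rollover_demo
else
  echo "openssl not found; skipping demo" >&2
fi
```

Save as rollover.sh and run `sh rollover.sh`. The negative check at the end is the operational point: the cross-certificate has to be served alongside the sub-CA certificate for as long as any client trusts only oldRoot, and, as Kyle notes, it carries the old key's security level, so drop it from the chain once clients have moved to newRoot.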