Hi Dmitry, On 09/04/14 12:42, Dmitry Melekhov wrote: > Hello! > > May be this is faq, but I can't find any info which explains what I need > to do in step-by-step manner what I need to do in case of CA expiration. > I generated CA about 8.5 years ago for 10 years (default value), so I'll > face CA expiration soon enough. > I have ca.key and ca.crt, as I understand I can create new crt by the > same key for next 10 years, but what I need to do with existing > certificates. > As you can see I run openvpn for 8 years but still know nothing about > certificates :-( > > Could you point me to instructions or explain me what to do? :-) if your CA expires then you will need to reissue all certificates. Certificates are signed using the current CA key + certificate and even if you renew the CA cert the old client+server certs will still be signed using the **old** CA cert.
cheers, JJK > ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
