[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: installing a new cacert - the transition

To: Adam Wolfe <kadamwolfe@gmail.com>
Subject: Re: installing a new cacert - the transition
From: Dan White <dwhite@olp.net>
Date: Thu, 10 Jan 2013 09:01:20 -0600
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <50EE4802.9000103@gmail.com>
References: <50EE4802.9000103@gmail.com>
User-agent: Mutt/1.5.21 (2010-09-15)

On 01/09/13 23:48 -0500, Adam Wolfe wrote:

I am looking at having to install a new ca cert on our ldap server(s)and thus swapping out the client certs as well. This totals roughly250 different machines.
I am wondering as to the easiest way to go about this. Is there somegrace period that can be set to allow me to relax and get to all theclients over a week's time? Or possibly the ability to use twocerts? Then just slowly remove the old ones from the clients?


This doesn't sound like an ldap specific issue, and there are better places
to ask. But here's one approach:

1. Distribute your new CA certificate, along side your existing
one, to all hosts.

2. Replace your host/client/server certs one at a time.

3. Remove the old CA certificate from all hosts.

--
Dan White

References:
- installing a new cacert - the transition
  - From: Adam Wolfe <kadamwolfe@gmail.com>

Prev by Date: Re: ldap update ( 2.2 to 2.4)
Next by Date: RE: setting rootpw for cn=monitor
Index(es):
- Chronological
- Thread