[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Expiration of root CA

On Thursday, 11 February 2010 12:18:37 Philippe Bloix wrote:
> Hi,
> My root CA will expire soon. What is the best method to avoid break between
> ldap server and ldap client communication?
> If i create a new root CA, then i will have to copy this new root CA on
>  each ldap client (several hundred). In this case, is it possible to switch
>  from the old root CA to the new root CA without a break between server and
>  client? How?

You should be able to deploy a new CA certificate file that contains both CA 
certificates. As long as you deploy the combined CA cert file before you issue 
new certs, and replace all the client or server certificates before the old CA 
expires, you should have no interruption of service.