Re: installing a new cacert - the transition
On 01/09/13 23:48 -0500, Adam Wolfe wrote:
> I am looking at having to install a new ca cert on our ldap server(s)
> and thus swapping out the client certs as well. This totals roughly
> 250 different machines.
> I am wondering as to the easiest way to go about this. Is there some
> grace period that can be set to allow me to relax and get to all the
> clients over a week's time? Or possibly the ability to use two
> certs? Then just slowly remove the old ones from the clients?

This doesn't sound like an LDAP-specific issue, and there are better places
to ask. But here's one approach:

1. Distribute your new CA certificate, alongside your existing
one, to all hosts.
2. Replace your host/client/server certs one at a time.
3. Remove the old CA certificate from all hosts.
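
The three steps above can be checked offline with the `openssl` command line. The script below is an added example, not part of the original message: it builds two throwaway CAs and shows which host certificates a client accepts at each stage of the rollover. The names `old-ca`, `new-ca`, `host-old` and `host-new` are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: throwaway CAs and host certs, all constructed in a temp dir.
set -u
WORK=$(mktemp -d)
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca NAME: self-signed CA certificate NAME.pem with key NAME.key
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/req.cnf" \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA HOST: host certificate HOST.pem signed by CA
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -out "$WORK/$2.pem" 2>/dev/null
}

# trusts TRUSTFILE CERT: true if CERT chains to a CA in TRUSTFILE
trusts() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# report LABEL TRUSTFILE: which host certs a client holding TRUSTFILE accepts
report() {
  for c in host-old host-new; do
    if trusts "$2" "$WORK/$c.pem"; then r=accepted; else r=REJECTED; fi
    printf '%-26s %-9s %s\n' "$1" "$c" "$r"
  done
}

make_ca old-ca; make_ca new-ca
issue old-ca host-old          # certificate a host presents before its swap
issue new-ca host-new          # certificate a host presents after step 2
cat "$WORK/old-ca.pem" "$WORK/new-ca.pem" > "$WORK/both.pem"   # step 1 trust file

report "old CA only (today)"   "$WORK/old-ca.pem"
report "old + new (steps 1-2)" "$WORK/both.pem"
report "new CA only (step 3)"  "$WORK/new-ca.pem"
```

Only the combined trust file accepts both certificates, so step 1 has to reach every host before the first certificate is replaced, and step 3 has to wait until the last one is.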