This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote Access: Recreate CA - what happens to User Access?

Dear all,

our VPN signing CA is very old as it goes back to Astaro times... It has md5-signature and its key is just 1024 bit.

Many user certificates, depending on issuing date, are also very weak.

We now want to recreate the CA and are a bit unsure about what happens to certificates and users. Of course one tries to keep the trouble as small as possible. Is there a perfect way to change CA and user certificates?

My guess (and my hope) is the following:

- CA is recreated, old CA is kept for verification

- all users get new certificates but the old ones are kept and user objects remain unchanged -> every user is still able to connect with the old certificate

- we encourage every user to download the new configuration package and switch the configured certificate in the user object to the new one

Any hints and tipps for me? :-)

Regards

Christian

This thread was automatically locked due to age.

0 DouglasFoster over 6 years ago

Have not done this, but I expect all of your users will need to download new keys from the User Portal. Open a support case to be sure.
Cancel
Vote Up 0 Vote Down

Cancel