Dear all,
Our VPN signing CA is very old, as it goes back to Astaro times... It has an MD5 signature and its key is just 1024 bit.
Many user certificates, depending on issuing date, are also very weak.
We now want to recreate the CA and are a bit unsure about what happens to certificates and users. Of course one tries to keep the trouble as small as possible. Is there a perfect way to change CA and user certificates?
My guess (and my hope) is the following:
- CA is recreated, old CA is kept for verification
- all users get new certificates but the old ones are kept and user objects remain unchanged -> every user is still able to connect with the old certificate
- we encourage every user to download the new configuration package and switch the configured certificate in the user object to the new one
Any hints and tips for me? :-)
Regards
Christian