
Re: [Users] What happens to FS connections when a Certificate of Authority Expires?

From: Andreas Steffen <andreas.steffen(at)strongsec.net>
Date: Mon May 05 2003 - 02:29:57 EDT

When the CA certificate expires, all certificates signed by it will become invalid. The proper thing to do is to generate a new RSA public/private key pair for the CA, and issue new end certificates. As you mentioned correctly, multiple CA certificates are supported by FreeS/WAN.

If you think that the private key of the old CA is still secure, then you could generate a new CA certificate based on the old public/private key pair. If the distinguished name remains the same (you must revoke the old CA certificate first in order to do this), then FreeS/WAN will accept a "refreshed" CA certificate.

Joe Haynes wrote:
> I apologize if this is in the wrong forum (pointers


Andreas Steffen                   e-mail: andreas.steffen@strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===




Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Received on Mon May 5 03:28:51 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:30 EDT
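
The behaviour described in the message, as an added example that is not part of the original post: an end certificate stops validating once its CA certificate expires, validates again against a "refreshed" CA certificate (same key pair, same distinguished name), and does not validate against a CA certificate that keeps the name but uses a new key. Assumptions: the check uses OpenSSL's path validation rather than FreeS/WAN's own X.509 code, the revocation step mentioned above is not modelled, and all DNs, file names and lifetimes are constructed.

```shell
#!/usr/bin/env bash
# Added illustration: names, DNs and lifetimes are constructed; validation is
# done with the openssl CLI, not with FreeS/WAN's own X.509 code.

CA_DN="/C=CH/O=Example Org/CN=Example Root CA"      # constructed CA DN
GW_DN="/C=CH/O=Example Org/CN=gw.example.org"       # constructed end-entity DN

# new_ca KEYFILE CERTFILE DAYS: self-signed CA certificate carrying CA_DN.
new_ca() {
    openssl req -x509 -new -key "$1" -subj "$CA_DN" -days "$3" -out "$2" 2>/dev/null
}

# build_demo_pki DIR: old CA (1 day), one end cert, refreshed CA, re-keyed CA.
build_demo_pki() {
    local d="$1"
    openssl genrsa -out "$d/ca.key"  2048 2>/dev/null
    openssl genrsa -out "$d/ca2.key" 2048 2>/dev/null
    openssl genrsa -out "$d/gw.key"  2048 2>/dev/null
    new_ca "$d/ca.key" "$d/ca_old.pem" 1            # CA cert about to expire
    openssl req -new -key "$d/gw.key" -subj "$GW_DN" -out "$d/gw.csr" 2>/dev/null
    openssl x509 -req -in "$d/gw.csr" -CA "$d/ca_old.pem" -CAkey "$d/ca.key" \
        -set_serial 1 -days 365 -out "$d/gw.pem" 2>/dev/null
    new_ca "$d/ca.key"  "$d/ca_new.pem" 3650        # refreshed: same key, same DN
    new_ca "$d/ca2.key" "$d/ca_rekeyed.pem" 3650    # control: same DN, new key
}

# chain_ok CAFILE CERT [EPOCH]: true if CERT validates against CAFILE at EPOCH
# (defaults to the current time).
chain_ok() {
    local at="${3:-$(date +%s)}"
    openssl verify -attime "$at" -CAfile "$1" "$2" >/dev/null 2>&1
}

report() { if chain_ok "$@"; then echo "OK   $1"; else echo "FAIL $1"; fi; }

demo() {
    local d later
    d=$(mktemp -d) && build_demo_pki "$d"
    later=$(( $(date +%s) + 2 * 86400 ))            # after the old CA cert expires
    echo "today:"
    report "$d/ca_old.pem" "$d/gw.pem"
    echo "two days from now:"
    report "$d/ca_old.pem"     "$d/gw.pem" "$later"
    report "$d/ca_new.pem"     "$d/gw.pem" "$later"
    report "$d/ca_rekeyed.pem" "$d/gw.pem" "$later"
    rm -rf "$d"
}

demo
```

The end certificate is never re-issued in this run; only the CA certificate placed in the trust store changes.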

