Chris Covell wrote: > Guys, I have just been checking my certifciates and noticed that the CA [...] > go and get the new cert again but will I have to issue new user certificates > ?
The CRL distribution point extension is present on every client certificate
so you can simply update the extensions files according to your new config
and the new certificates will correctly point where your crls are kept.
This will obviously not fix the already issued certificates: you'll have
to re-issue them if you want to automatically have clients downloading
the CRL from the right address (nothing prevents you to warn users and
have them downloading the CRL specifying a different address). It is not
an elegant solution but should work.
The other option would be setting the wole CA up again by re-issuing every
certificate (including the CA's one).
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
smime.p7s
Description: S/MIME Cryptographic Signature
