Lets say the standard lifetime for the for a Sub-CA is 5 years, and all end point certificates are signed for 2 years with the Sub-CA. In the beginning its all fine.. but when it has passed more than 3 years and the Sub-CA has the lifetime of less than 2 years left, how can the Sub-Ca sign new end point certificates for 2 years?
Lets say this can be fixed by reducing the lifetime of the end point certificates so that it will have less lifetime than the Sub-CA, but this doesnt seem like a good solution.. when the Sub-CA has 30 days left, we sign for 29 days for end point certificates? Or how is the transfer done, when the Sub-CA's liftetime has ended to the new Sub-CA? Will it be a smooth change or does it require alot of work..? ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users