I see. Thank you very much Jakob and Jeffrey!
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On Thu, Mar 31, 2016 at 6:36 PM, Ben Humpert wrote:
> 2016-03-31 18:09 GMT+02:00 Jakob Bohm :
>> On 31/03/2016 17:16, warron.french wrote:
>> 3. Then create new server certificates for the 2 servers again.
>>
>> Yep, and give the new ones a slightly different "full"
>> distinguished name (importa
On 01/04/2016 00:36, Ben Humpert wrote:
2016-03-31 18:09 GMT+02:00 Jakob Bohm :
On 31/03/2016 17:16, warron.french wrote:
3. Then create new server certificates for the 2 servers again.
Yep, and give the new ones a slightly different "full"
distinguished name (important for CRL and "ca" databa
2016-03-31 18:09 GMT+02:00 Jakob Bohm :
> On 31/03/2016 17:16, warron.french wrote:
> 3. Then create new server certificates for the 2 servers again.
>
> Yep, and give the new ones a slightly different "full"
> distinguished name (important for CRL and "ca" database).
> My approach is to include t
> Yep, and give the new ones a slightly different "full"
> distinguished name (important for CRL and "ca" database).
> My approach is to include the year-month as an extra OU e.g.
>
> CN=foo.example.private,OU=isonetwork,OU=2016-03,O=YourCompany
>Inc,L=YourTown,C=XX
Ooh, that's neat advice!
On 31/03/2016 17:16, warron.french wrote:
Hello, I had to build a Certificate Authority (CA) server for an
isolated network (I know, it seems silly).
Anyway, I figured out how to create the CA service doing a self-signed
certificate that will expire in 9 years, because it was a 10-year
certif
Hello, I had to build a Certificate Authority (CA) server for an isolated
network (I know, it seems silly).
Anyway, I figured out how to create the CA service doing a self-signed
certificate that will expire in 9 years, because it was a 10-year
certificate of which 9 years remains available.
I th
