On 04/17/2017 09:32 PM, Heater, B. Roger wrote: > Our Self Signed Root certificate does not expire for years, however, > our intermediate certificate, which is the default CA in DJIGZo and > the certificate that issued all of our individual users' certificates > expired at the end of March. > > Is there a way for us to renew the default CA intermediate > certificate that has expired in DJIGZO so that the encryption > certificates for all the users do not need to be recreated?
Unfortunately that is not possible with the CA certs generated with CipherMail. The best thing would be to create a new CA (root and intermediate) and make sure it's valid for a very long period (for example 20 years). The existing keys can still be used for decryption in case some sender still uses the old certificates. Instead of using the built-in CA, you might consider using an external CA and create the root and intermediate(s) externally and then import them into CipherMail. This might give you more flexibility. The built-in CA is not as feature rich as a full blown CA server. Kind regards, Martijn Brinkers -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull. https://www.ciphermail.com Twitter: http://twitter.com/CipherMail _______________________________________________ Users mailing list Users@lists.djigzo.com https://lists.djigzo.com/lists/listinfo/users
