Updating CA Servers from 1024 to 2048 key size
does have article on updating ca enterprise servers including root , issuing servers 1024 2048 key size. there caveats or known issues doing ?
on tue, 30 oct 2012 04:00:03 +0000, lutzmh wrote:
going 1024 2048 means having new ca private key. or, if will, new root ca , issuing cas. run pki on windows 2008 r2 or 2003. if 2003 may want upgrade 2008 r2 or 2012 anyway. after have new pki can re-issue machine certificates automatically, update radius etc. before machines can logon wifi, example. if provide little bit more insight pki may find article fits environment.
renewing cas new key pair not mean new pki, nor it
require re-issuance of existing certificates. renewing new key
pair automatically create cross-certification certificates your
cas (identified (n) @ end of certificate , crl filenames)
which, amongst other things chain , revocation checking to
continue work certificates issued prior renewal.
paul adare
mvp - forefront identity manager
http://www.identit.ca
terminal: people have before consenting see doctor.
Windows Server > Security
Comments
Post a Comment