On Thursday, 11 February 2010 12:18:37 Philippe Bloix wrote:
Hi,
My root CA will expire soon. What is the best method to avoid a break between LDAP server and LDAP client communication?
If I create a new root CA, then I will have to copy this new root CA on each LDAP client (several hundred). In this case, is it possible to switch from the old root CA to the new root CA without a break between server and client? How?
You should be able to deploy a new CA certificate file that contains both CA certificates. As long as you deploy the combined CA cert file before you issue new certs, and replace all the client or server certificates before the old CA expires, you should have no interruption of service.
Regards, Buchan
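
The rollover order described in the reply above, as an added example that is not part of the original thread: it builds two throwaway root CAs, shows that a certificate from the new CA is rejected by a client trusting only the old one, and that a combined CA file accepts certificates from both. The CA names, the host name `ldap.example.test` and the assumption that clients read a single PEM trust file (such as the one an OpenLDAP client names in `TLS_CACERT`) are illustrative.

```shell
#!/bin/sh
# Added example: every key and certificate here is constructed throwaway data.
set -eu

# Minimal config so the result does not depend on the system openssl.cnf.
write_cnf() {
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# make_ca <name>: self-signed root CA -> <name>.key, <name>.pem
make_ca() {
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -sha256 \
        -days 30 -subj "/CN=$1" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# issue <ca> <leaf>: server certificate <leaf>.pem signed by <ca>
issue() {
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.pem" 2>/dev/null
}

# trusts <cafile> <cert>: prints yes if the cert validates against cafile, else no
trusts() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo yes; else echo no; fi
}

# Prints: <old CA alone trusts new cert> <bundle trusts old cert>
#         <bundle trusts new cert> <number of certificates in bundle>
rollover_demo() (
    dir=$(mktemp -d); trap 'rm -rf "$dir"' EXIT; cd "$dir"
    write_cnf
    make_ca old-ca; make_ca new-ca
    issue old-ca srv-old; issue new-ca srv-new
    cat old-ca.pem new-ca.pem > ca-bundle.pem   # the combined file to deploy first
    echo "$(trusts old-ca.pem srv-new.pem)" "$(trusts ca-bundle.pem srv-old.pem)" \
         "$(trusts ca-bundle.pem srv-new.pem)" "$(grep -c 'BEGIN CERTIFICATE' ca-bundle.pem)"
)

rollover_demo   # prints: no yes yes 2
```

The leading `no` is the outage the combined file prevents: a server switched to a certificate from the new CA before clients hold that CA fails validation on every client that has not yet been updated.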