Fast response! Thanks.

On Mon, Oct 27, 2008 at 4:49 PM, Victor Duchovni
> If you want to field a new root CA certificate, with a new subject ==
> issuer DN, all systems that trust the old CA cert will need to have the
> new CA cert added to the list of trusted root CAs so that new certificates
> you create can be verified.

Oh! I just realized my problem is because I am still ignorant of how
SSL really works. I thought that the CA had to be online at all
times, but I just shut off Apache and I am getting no SSL errors from
my clients.

So am I correct in assuming I can just shut down the old CA and start
up a new one? I'll add the new CA cert to the list of trusted root
CAs through Active Directory.
Chris de Vidal

You're a good person? Prove it and win:
__________________________________________________ ____________________
OpenSSL Project
User Support Mailing List
Automated List Manager