Fast response! Thanks.

On Mon, Oct 27, 2008 at 4:49 PM, Victor Duchovni
wrote:
> If you want to field a new root CA certificate, with a new subject ==
> issuer DN, all systems that trust the old CA cert will need to have the
> new CA cert added to the list of trusted root CAs so that new certificates
> you create can be verified.


Oh! I just realized my problem is because I am still ignorant of how
SSL really works. I thought that the CA had to be online at all
times, but I just shut off Apache and I am getting no SSL errors from
my clients.

So am I correct in assuming I can just shut down the old CA and start
up a new one? I'll add the new CA cert to the list of trusted root
CAs through Active Directory.
--
Thanks,
Chris de Vidal


============================
You're a good person? Prove it and win:
TenThousandDollarOffer.com
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org