Just move the CA directory over and you'll be fine. X.509
certificates are designed for offline usage, rather than requiring a
connection to the authenticator (the CA) at all times.

-Kyle H

On Mon, Oct 27, 2008 at 3:13 PM, Chris de Vidal wrote:
> Fast response! Thanks.
>
> On Mon, Oct 27, 2008 at 4:49 PM, Victor Duchovni wrote:
>> If you want to field a new root CA certificate, with a new subject ==
>> issuer DN, all systems that trust the old CA cert will need to have the
>> new CA cert added to the list of trusted root CAs so that new certificates
>> you create can be verified.
>
> Oh! I just realized my problem is because I am still ignorant of how
> SSL really works. I thought that the CA had to be online at all
> times, but I just shut off Apache and I am getting no SSL errors from
> my clients.
>
> So am I correct in assuming I can just shut down the old CA and start
> up a new one? I'll add the new CA cert to the list of trusted root
> CAs through Active Directory.
> --
> Thanks,
> Chris de Vidal
>
>
> ============================
> You're a good person? Prove it and win:
> TenThousandDollarOffer.com
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>
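
The two points made in this thread (verification needs only the CA certificate, not a reachable CA, and certificates from a new root are rejected until that root is added to the clients' trust list) can be reproduced with the `openssl` command line. This is an added example, not part of the original messages; the names `old-ca`, `new-ca`, `host-a` and `host-b` are made up, and a PEM bundle file stands in for whatever trust store the clients really use.

```shell
#!/bin/sh
# Constructed demo: old-ca, new-ca, host-a and host-b are made-up names.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# make_ca NAME: create a self-signed root (subject == issuer).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$work/$1.key" -out "$work/$1.crt" >/dev/null 2>&1
}

# issue CA LEAF: have the named CA sign a certificate for LEAF.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$work/$2.key" -out "$work/$2.csr" >/dev/null 2>&1
    openssl x509 -req -in "$work/$2.csr" -days 30 -CAcreateserial \
        -CA "$work/$1.crt" -CAkey "$work/$1.key" \
        -out "$work/$2.crt" >/dev/null 2>&1
}

# trusts BUNDLE LEAF: print ok/fail for LEAF checked against a trust list.
trusts() {
    if openssl verify -CAfile "$work/$1" "$work/$2.crt" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

make_ca old-ca
issue old-ca host-a
rm "$work/old-ca.key"   # the old CA is shut down; only its cert remains

make_ca new-ca
issue new-ca host-b
# Trust list after the new root has been distributed alongside the old one.
cat "$work/old-ca.crt" "$work/new-ca.crt" > "$work/both.pem"

echo "old cert, old trust list (CA offline): $(trusts old-ca.crt host-a)"
echo "new cert, old trust list:              $(trusts old-ca.crt host-b)"
echo "new cert, old + new roots trusted:     $(trusts both.pem host-b)"
echo "old cert, old + new roots trusted:     $(trusts both.pem host-a)"
```

Keeping the old root in the trust list is what lets certificates it already issued keep verifying until they expire.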
