[openssl-users] Properly manage CA-signed certificates that have expired
Salz, Rich
rsalz at akamai.com
Thu Mar 31 16:11:26 UTC 2016
> Yep, and give the new ones a slightly different "full"
> distinguished name (important for CRL and "ca" database).
> My approach is to include the year-month as an extra OU e.g.
>
> CN=foo.example.private,OU=isonetwork,OU=2016-03,O=YourCompany Inc,L=YourTown,C=XX
Ooh, that's neat advice!
--
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz
More information about the openssl-users
mailing list