Hi All,
Can someone enlighten me as to the whether it is necessary for a CA to
revoke an existing host certificate when issuing a new cert for that
host.
We recently ran into trouble when our CA issued new certs for our hosts.
The old certs would have expired within 20 days. Due to delays in
notification we had not deployed the new certs when the old certs
started appearing in the updated crls at sites across the grid.
Our CA tells us they have to revoke the old certs when issuing the new
certs. This seems a difficult requirement for sites trying to maintain a
production service without 24/7 operations.
Any tips appreciated...
cheers,
glenn.
|