> If you use a different DN then they'll have different DNs - is that what
> you are saying? Or am I missing something?
Yes - that's all I'm saying. It's an option ... just not a good one!
Steve
On 04/09/2014 11:18 AM, John Kewley wrote:
>> Second problem - Assuming we need to, how do we get New certificates
>> without breaking systems.
> Simplest is just to use the recognised "RENEW" options. Unless you are using OpenCA + the "post your own PKCS10" and posting
> the same keys again (which I hope you'll see is a bad plan) then all our methods of RENEW give you new keys and this
> all fits in with Leif's comments.
>
>> This works around the block on hosts with multiple, simultaneous certificates
>> by using a new host DN.
> Cheers
>
> JK
--
Steve Jones [log in to unmask]
System Administrator office: 220
High Energy Physics Division tel (int): 42334
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
University of Liverpool http://www.liv.ac.uk/physics/hep/
|