Michael Leone on 2 May 2017 10:00:28 -0700



[PLUG] Migrating and updating a CA


I've got a (very) old VM that's running Ubuntu 9.10 (told you it was
old LOL). I use this VM mostly as a CA (and also to collect files via
SSH, which will be a separate post). I use this CA for self-signed
certs (obviously ...).

What I want to do is to finally upgrade to a more modern OS, and
migrate my CA from the old one to the new one. As a side wrinkle, this
CA is so old that it's using SHA1 (Signature Algorithm:
sha1WithRSAEncryption).

So: how do I migrate over my configured CA from the old VM to a new VM?

And then, how do I upgrade my CA root cert itself to SHA-256 (that's
the latest recommendation, I believe). I do want all my old certs to
continue working with the new CA root cert.

I *think* that I need to change my default_md to sha256 in
openssl.cnf; that will enable all future certs to be sha256, once I
get a sparkly new VM built, for my upgraded CA.

But what of the CA cert? How can I re-issue that, while still
maintaining backward compatibility with my existing certs?

I haven't found HOWTOs on that. Anyone?

Thanks
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
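
An added example, not part of the original post: one common way to move a root from SHA-1 to SHA-256 without breaking issued certs is to re-sign the existing CA certificate with the same private key, so the subject, serial and public key that leaf certs chain to stay unchanged. The subjects and file names are constructed for the demo, which builds a throwaway CA in a temp directory and assumes a stock `openssl.cnf` is installed.

```shell
#!/bin/sh
# Added example. Subjects and file names are constructed for the demo.
set -e

# Throwaway "old" CA: SHA-1 self-signed root plus one leaf cert it issued.
make_old_ca() {                       # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -sha1 -days 3650 \
        -subj "/O=Example Lab/CN=Example Old Root" \
        -keyout "$1/ca.key" -out "$1/old-ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=host.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -sha1 -days 365 -in "$1/leaf.csr" \
        -CA "$1/old-ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/leaf.crt" 2>/dev/null
}

# Re-sign the existing root with the SAME private key, using SHA-256.
# Only the validity dates and the signature change.
reissue_root_sha256() {               # $1 = working directory
    openssl x509 -in "$1/old-ca.crt" -signkey "$1/ca.key" -sha256 \
        -days 3650 -out "$1/new-ca.crt" 2>/dev/null
}

# Signature algorithm a certificate was signed with.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk '/Signature Algorithm/ { print $3; exit }'
}

# What a leaf's issuer fields point at: subject, serial and public key.
identity() { openssl x509 -in "$1" -noout -subject -serial -pubkey; }

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
make_old_ca "$DEMO_DIR"
reissue_root_sha256 "$DEMO_DIR"

echo "old root: $(sig_alg "$DEMO_DIR/old-ca.crt")"
echo "new root: $(sig_alg "$DEMO_DIR/new-ca.crt")"
# The leaf issued under the SHA-1 root still verifies against the new root.
openssl verify -CAfile "$DEMO_DIR/new-ca.crt" "$DEMO_DIR/leaf.crt"
```

Setting `default_md = sha256` in openssl.cnf only affects certificates issued afterwards; the root itself changes only when it is re-signed as above. Clients still need the re-signed root installed in place of the old one, although a client that keeps trusting the old root continues to validate the same leaf certs.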