Michael Leone on 2 May 2017 10:00:28 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Migrating and updating a CA

I've got a (very) old VM that's running Ubuntu 9.10 (told you it was
old LOL). I use this VM mostly as a CA (and also to collect files via
SSH, which will be a separate post). I use this CA for self-signed
certs (obviously ...).

What I want to do is to finally upgrade to a more modern OS, and
migrate my CA from the old one to the new one. As a side wrinkle, this
CA is so old that it's using SHA1 (Signature Algorithm:

So: how do I migrate over my configured CA from the old VM to a new VM?

And then, how to I upgrade my CA root cert itself to SHA-256 (that's
the latest recommendation, I believe). I do want all my old certs to
continue working with the new CA root cert.

I *think* that I need to change my default_md to sha256 in
openssl.cnf; that will enable all future certs to be sha256, once I
get a sparkly new VM built, for my upgraded CA..

But what of the CA cert? How can I re-issue that, while still
maintaining backward compatability with my existing certs?

I haven't found HOWTOs on that. Anyone?

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug