[Date Prev][Date Next] [Chronological] [Thread] [Top]

installing a new cacert - the transition

To: openldap-technical@openldap.org
Subject: installing a new cacert - the transition
From: Adam Wolfe <kadamwolfe@gmail.com>
Date: Wed, 09 Jan 2013 23:48:02 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=S1E2gqbFaHPBMRArlXixiHJMhrt03yLYaBbUBA0kLgo=; b=Sh1kkbxcsxgx6cDXys9qy2t+SlC7fjh4N17uaCpuIfTJ68djCa6iymWDnkemBkLLOZ fkrc5uRtGaqqs4JoMQbbPWVlXeIz7qmcHsesQLyiJj3LrHiVvwBT/fghem8EdGzHbvCY gAjpm0LR5Uci7XVGAcfRuYxd+nIfERCpGXTOv50Qd/z3IR8gjPjf3JllgO7gL83cvBJV dZiNGExKdaZ5qyUvzAkZOXT6dPb3M/Eu5Qe4kHRFDrvsVy/5sTR0b6c/1xGxw6PgCsRy JtHVpMk7RtoGbZsLQSyXe3iIbXyU0Ft6G4vCE/BUHGKpYRPjmIH2EopMW/cOFp/MV4tL iUQw==
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2

Greetings all.

I am looking at having to install a new ca cert on our ldap server(s)and thus swapping out the client certs as well. This totals roughly 250different machines.

I am wondering as to the easiest way to go about this. Is there somegrace period that can be set to allow me to relax and get to all theclients over a week's time? Or possibly the ability to use two certs?Then just slowly remove the old ones from the clients?

Follow-Ups:
- Re: installing a new cacert - the transition
  - From: Dan White <dwhite@olp.net>

Prev by Date: Re: LDAP - not starting
Next by Date: Re: How to change a schema attribute definition or how to change the slapd configuration?
Index(es):
- Chronological
- Thread