Posted by Brian Komar [MVP] on September 21, 2005, 5:45 am
says...
> hi folks,
>
> we need to renew the ca certificate and we want to change the subject
> name of the certificate at the same time. we tried to install a new
> certificate with a modified subject name. the ca displayed an error that
> the common name of the submitter does not match the name of the
> current configuration.
>
> the reason we want to do that is a planned migration from an old
> structure to a new one. is there any way to change a ca certificate's
> subject name and keep all issued certificates?
>
> thanks!
> jan mönnich
>
No. When you renew a CA certificate you are signing the request with the
old CA certificate (thus requiring the same name).

If you want to switch names, you need to do a phased migration. You keep
the old CAs up to sign CRLs, but remove all ability to issue
certificates:
- standalone CA: ensure all requests are pended and you reject all
  requests
- enterprise CA: do not make any certificate templates available.

Deploy new CAs with the desired names and then deploy all certificates
from the new CAs.

Brian
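
The two decommissioning steps described in the reply above, as an added PowerShell example that is not part of the original thread. It assumes an elevated session on the old CA, the ADCSAdministration module (Windows Server 2012 or later), and that a `RequestDisposition` value of 0x101 makes the default policy module pend every request; `$CaType` is a hypothetical parameter of this script.

```powershell
# Added example: retire an old CA from issuance while it keeps publishing CRLs.
# Run elevated on the old CA. $CaType is a hypothetical parameter of this script.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Enterprise', 'Standalone')]
    [string]$CaType
)

$ErrorActionPreference = 'Stop'

if ($CaType -eq 'Enterprise') {
    # Enterprise CA: unpublish every template so nothing can be enrolled.
    Import-Module ADCSAdministration
    $templates = @(Get-CATemplate)
    foreach ($t in $templates) {
        Remove-CATemplate -Name $t.Name -Force
    }
    "Removed $($templates.Count) template(s); remaining: $(@(Get-CATemplate).Count)"
}
else {
    # Standalone CA: make the default policy module pend every request.
    # Assumption: 0x101 = REQDISP_PENDINGFIRST | REQDISP_ISSUE (certsrv.h),
    # the same setting as "set the request status to pending" in the CA console.
    certutil -setreg policy\RequestDisposition 0x101 | Out-Null
    Restart-Service -Name CertSvc

    # Deny everything waiting in the pending queue (Disposition 9 = pending).
    $rows = certutil -view -restrict "Disposition=9" -out "RequestID" csv
    $ids = foreach ($r in $rows) {
        if ($r -match '^"?(\d+)"?\s*$') { $Matches[1] }
    }
    foreach ($id in $ids) {
        certutil -deny $id | Out-Null
    }
    "Denied $(@($ids).Count) pending request(s)"
}

# Either way, the old CA must keep signing CRLs for certificates it issued.
certutil -CRL
```

On a standalone CA new requests keep arriving in the pending queue, so the deny loop has to be rerun for as long as the old CA stays online.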