[THIN] Secure Gateway Certificate Question
- From: "Mike MacDonald" <Mike.MacDonald@xxxxxxxxxxxxxxxxxxxx>
- To: <THIN@xxxxxxxxxxxxx>
- Date: Mon, 7 Jun 2004 10:43:46 -0400
Ok, thought I had this down a year ago but find myself confused again. I have a
CSG implementation that I did last year using an internal cerification
authority. Now that the server certificate is expiring in 2 weeks and I would
like to upgrade CSG/NFuse I am revisiting the whole thing.
Basically I have 2 certificate servers that I setup internally, one root and
the other a sub-ordinate. I installed server certificates from the sub-ordinate
on both the NFuse and CSG server. In order to connect users needed 2
certificates, the CA Certificate from both the root and sub-ordinate CA. The
one from the root CA is good until 2008, the other expires every year.
First question, am I doing this right or do I have it all borked up? My
understanding is using internal CA's I have to give certificates to the users.
What I don't like is having to re-issue certificates yearly. I was hoping that
I would be able to simply renew the server certificates on the NFuse and CSG
server and that would be it.
Second question (assuming I haven't messed up everything else) is how to I
extend the expiration on the subordinate certificate? The root CA's certificate
is good for 5 years, the sub-ordinates only 1.
Thanks in advance,
Mike MacDonald
Other related posts:
