UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Absent Member.
Absent Member.
1683 views

CA - 10 year root certificate will be expiring in year

I found the TID on how to move CA to another server. 3618399

About 9 years ago, I manually created our current CA, I believe it was Netware 5.1.
The CA is currently hosted on a Netware 6.5 SP8 server. I believe that I moved the CA from Netware to Netware box several years ago.
It seems that if I follow the 3618399 TID, I should be able to move CA to a Linux box, OES2 or later.

However, second question, and I thought that I read this somewhere.
Is it possible to extend the life of CA with out having to delete and recreate?

Thanks,
Lin

Labels (1)
0 Likes
2 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

lcurrie;2192843 wrote:
I found the TID on how to move CA to another server. 3618399

About 9 years ago, I manually created our current CA, I believe it was Netware 5.1.
The CA is currently hosted on a Netware 6.5 SP8 server. I believe that I moved the CA from Netware to Netware box several years ago.
It seems that if I follow the 3618399 TID, I should be able to move CA to a Linux box, OES2 or later.

However, second question, and I thought that I read this somewhere.
Is it possible to extend the life of CA with out having to delete and recreate?

Thanks,
Lin


Hi Lin,

No, the lifespan of the eDir CA cannot be modified after creation.

As a note, If you remove and recreate the eDir CA, all certificates that where created will still be functional as long as they have not expired. As the eDir CA is not seen as official trusted source anyway (from a browser's POV) there are usually not to many headaches that stem from recreating the CA.

Besides the Novell server certificates, has the eDir CA been used to sign/create other type certificates?

Cheers,
Willem
0 Likes
Absent Member.
Absent Member.

No other certificates created, however, we have various LDAP servers which use LDAP.
When I recreate and genn new services then we have to make mods on the other products.
It is probably less than 6 products and servers though.

Sounds like the only option would be to just delete the existing Netware CA and recreate on a OES2 SP2a or later Linux box.

Is there a TID for this and creating on a Linux box?

I understand until a CA is recreated, I would not be able to install new servers?

Lin

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.