Menu
▾
▴
Re: [Ejbca-develop] Deleting the root CA
|
From: Andreas K. <ku...@tr...> - 2014-11-24 19:40:57
|
Hi again, Michael! > Michael Postmann wrote: >> In our setup we have a root CA which singed two intermediate CA's which >> then sign some client and webserver certificates to be used internally and >> by our clients. For reasons of security, we want to remove the root CA from >> the server, as soon as the intermediate CAs are signed. The root CA will be >> stored in physical safe so we have it available in case we need it again. > An off-line root CA key. He doesn't talk about deleting keys, he talks about deleting CAs! Iirc this isn't possible anyway ... Greetings, Andreas |
