Menu
▾
▴
Re: [Ejbca-develop] Deleting the root CA
|
From: Michael S. <mi...@st...> - 2014-11-24 19:47:22
|
Andreas Kuehne wrote: > Hi again, Michael! >> Michael Postmann wrote: >>> In our setup we have a root CA which singed two intermediate CA's which >>> then sign some client and webserver certificates to be used internally and >>> by our clients. For reasons of security, we want to remove the root CA from >>> the server, as soon as the intermediate CAs are signed. The root CA will be >>> stored in physical safe so we have it available in case we need it again. >> An off-line root CA key. > He doesn't talk about deleting keys, he talks about deleting CAs! > Iirc this isn't possible anyway ... Probably the original poster should clarify what he really wants. Ciao, Michael. |
