Re: How to revoke the root CA certificate ?
From: Brian Komar (bkomar_at_nospam.identit.ca)
Date: 02/02/05
- Next message: Yannick Béot: "Re: How to revoke the root CA certificate ?"
- Previous message: Yannick Béot: "How to revoke the root CA certificate ?"
- In reply to: Yannick Béot: "How to revoke the root CA certificate ?"
- Next in thread: Yannick Béot: "Re: How to revoke the root CA certificate ?"
- Reply: Yannick Béot: "Re: How to revoke the root CA certificate ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 2 Feb 2005 07:15:55 -0600
In article <4200b203$0$24722$626a14ce@news.free.fr>,
yannick.beot@NOSPAM.free.fr says...
> Hi,
>
> I have a standalone certificate authority on Windows Server 2003, and I
> wonder how I can revoke the CA certificate, in the case of a
> compromission, cessation of activity,...
>
> Since it does not appear in the list of issued certificates, I don't
> know where to right-click to revoke the CA certificate.
>
> For the moment it's only to know the procedure, in case of...
>
> Thanks in advance
>
>
> Yannick Beot
>
To revoke a root, you must remove the certificate from all computer's
trusted root stores and redeploy your PKI. It is kind of a chicken and
the egg issue.
If you are revoking the root CA certificate, you want it to go on the
CRL. But what certificate is used to sign the CRL... the certificate
that you are revoking, making the CRL invalid.
Hence the importance of using good physical and logical security to
protect the root CA.
Brian
- Next message: Yannick Béot: "Re: How to revoke the root CA certificate ?"
- Previous message: Yannick Béot: "How to revoke the root CA certificate ?"
- In reply to: Yannick Béot: "How to revoke the root CA certificate ?"
- Next in thread: Yannick Béot: "Re: How to revoke the root CA certificate ?"
- Reply: Yannick Béot: "Re: How to revoke the root CA certificate ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
