During the lifetime of a certification authority, certification authority certificates are renewed according to the planning for their life cycle. A new key pair can optionally be used here. The previous certification authority certificates expire or are revoked.
Expired certificate authority certificates can become a problem under certain circumstances if, for example, the associated private keys are stored on old hardware security modules (HSM) and these can only be migrated to new hardware with great difficulty.
In such a case, it may be useful to remove old certification authority certificates from the certification authority configuration.
Continue reading „Entfernen alter Zertifizierungsstellen-Zertifikate aus der Konfiguration einer Zertifizierungsstelle“