Question

Company Root CA Cert expiry

  • November 2, 2011
  • 6 replies

bentoms

Hi guys,

Our company root CA cert expires annually & is due to expire in a few weeks' time.

A new cert has been generated.

So I'm wondering if all I need to do is to distribute this new cert (which is named the same as the current cert), then when the current cert expires the new one should be used.

Is it that simple?

Regards,

Ben.

6 replies

  • Valued Contributor
  • November 2, 2011

If the new cert's valid from date has already passed, as soon as you install the new one it should take over. You're probably going to want to delete the existing one just to be on the safe side as you don't want two valid CA certs.

Dumb question: Why make your CA expire annually? Public CAs are good for like 20 years.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
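
Added example (not part of the thread or any poster's script): a pre-flight check for the swap discussed above, assuming both root certs are self-signed PEM files and `openssl` is installed; the function names and file arguments are hypothetical. It confirms the replacement is valid right now and carries the same subject, and reports whether it reuses the old key, which decides whether certs issued under the old root keep validating.

```shell
#!/bin/bash
# Added example: pre-flight checks before swapping a self-signed root CA cert.
# Function names and file arguments are hypothetical; certs must be PEM.

# True only if the cert verifies against itself right now, i.e. it is
# self-signed and the current time is inside notBefore..notAfter.
ca_valid_now() {
    openssl verify -CAfile "$1" "$1" 2>/dev/null | grep -q ': OK$'
}

# Print one attribute of a cert ($2 is an `openssl x509` output option).
field() { openssl x509 -in "$1" -noout "$2" 2>/dev/null; }

# True if both certs parse and the chosen attribute is identical.
same_field() (
    a=$(field "$1" "$3") && b=$(field "$2" "$3") && [ -n "$a" ] && [ "$a" = "$b" ]
)

# $1 = current root, $2 = replacement root.
# Returns 0 when the replacement can be deployed now, 1 otherwise.
check_rollover() (
    old=$1; new=$2
    ca_valid_now "$new" || { echo "FAIL: new cert is not valid right now"; exit 1; }
    same_field "$old" "$new" -subject ||
        { echo "FAIL: subject differs from the current root"; exit 1; }
    if same_field "$old" "$new" -pubkey; then
        echo "OK: same key, certs issued under the old root still chain to the new one"
    else
        echo "WARN: new key, certs issued under the old root will not chain to the new one"
    fi
    # Identify the old root exactly so the right keychain entry gets removed.
    echo "Old root to remove once the new one is deployed:"
    openssl x509 -in "$old" -noout -fingerprint -sha256 -enddate
)

if [ "$#" -eq 2 ]; then check_rollover "$1" "$2"; fi
```

Run it as `./check_rollover.sh old_root.pem new_root.pem` (placeholder file names) before packaging the new cert.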


bentoms
  • Author
  • Hall of Fame
  • November 2, 2011

Thanks!

As to the expiry, it's not a dumb question at all & one I will raise. (It will probably be met with... "We've always done it this way"... or... "It's more secure"... ugh.)

I just wanted to make sure that I'm prepared for the change.

Is removing the expired cert needed? Or is it a best practice thing?

Regards,

Ben.


  • November 2, 2011

Speaking of certs, what's the best way to distribute a cert to a system that hasn't had one before?

My company requires a cert in order to connect to its internal Lync server and it would be great to package the cert along with the client install.

Thanks

-- -- -- -- -- -- -- -- -- --
Dave Simon
Director, Media Engineering and Operations

T +1.415.808.3594 | F +1.415.808.3535 | C +1.617.908.5043
600 Harrison St • San Francisco, CA • 94107

PRN | media where & when it matters


  • Contributor
  • November 2, 2011

I deploy our Communicator cert with a PKG. Basically, it drops the cert file in a given location, then uses the script (as a post-script) from the resource kit to import it. This works really nicely for us, and I have a policy set up that is triggered at the end of the Office installation, so it's completely automated.

--benji


bentoms
  • Author
  • Hall of Fame
  • November 3, 2011

Our Communicator cert was the root cert.

Our Lync cert is separate.

But I use the resource kit script to import.

Regards,

Ben.


  • Valued Contributor
  • November 3, 2011

Yup. I see the policy containing two packages. One for Lync itself (and possibly 3 packages actually, as there's an update for Lync now) and the other for the cert file laid down in some staging area (perhaps your own /Library/Application Support/<companyname> folder). Post-install script to install the cert.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436