My name is Clement DeLarge and I’m a Practice Team Lead for Application Development with EMC. When I’m not working, I’m raising my son, riding my motorcycle, playing with technology, or just about anything else that’s fun that I come across. I hope you come across something on this site that might just make your life a little easier, or at least your day or project. 😉
Want to know more? Check out my personal (non-professional) blog at http://d3planet.com/clement/.
Advertisements
Mr. DeLarge,
I’ve come across your blog on a few different searches via google and I find your posts very helpful. I wonder if you have done a removal of CA in any environment?
@Chris: I’m glad my posts have helped you. Taking a CA offline can be easy or challenging depending on your scenario. Are you looking to decommission a CA in a multiple CA environment, or just take a CA offline and leave it that way? Are you looking to replace the CA with a new one? Are there certificates in circulation from the CA that you want to decommission?
A quick rule of thumb, if you need to keep certificates in place, is ‘replace’ and ‘revoke’. Replace the certificate from the CA that is being decommissioned with a certificate from another CA, test to make sure the certificate is properly installed, then revoke the original certificate using the CA that is to be decommissioned. That is the cleanest method, and helps to make sure that all certificates that were issued by that CA are no longer in use.
If you give me your scenario / use case, I can help you with a more detailed solution.
Hi Clement,
Sorry for contacting you this way. Would have liked to formally mail you an invite
I was wondering if you would be interested in reviewing http://ubiq.co for your readers. It is a new web based MySQL reporting tool I’ve built. Happy to provide extended free usage to your readers.
Regards,
Sreeram