
I need to renew a CA certificate. I use easyrsa. I know there is a command easyrsa renew foo, but it works only with regular certificates. I can't see any option like easyrsa renew-ca, and easyrsa renew ca does not work.

How can I do it properly? Do I need to run easyrsa build-ca again?

T0maas
  • You do understand that creating a new CA certificate and "renewing" a CA certificate is the same process? TLS certificates cannot be renewed; they can be replaced with new certificates, before and/or as they expire. – Ramhound Feb 09 '23 at 15:41
  • Yes, I know, but how do I do this using easy-rsa? build-ca wants to run init-pki again; what can it cause? Will it lose the key? – T0maas Feb 15 '23 at 12:55
  • Btw, I have many remote clients. What should I do first before expiration? Should I first renew the server's cert or the clients' certs? Can clients with an older (but still valid) cert connect to a server with a newer cert (or vice versa)? – T0maas Feb 15 '23 at 12:57
  • If I do it wrong, I will lose connection to all clients, and they are far away, and it will cost money to drive to them all around the country. – T0maas Feb 15 '23 at 13:00
