02-27-2023 12:28 PM
What should be the certs installed or included for ssl vpn. I typically see identity cert getting renewed every year ( before it used to have 3 yrs validity), but along with it, should I update the intermediate and root cert as well every time?
What is cert chain? Is it both intermediate and root together? If I see that these two are valid for many years to come can I just renew the identity cert and not worry about chain?
02-27-2023 02:50 PM
Most PKI environment the root CA will be valid for long time, intermediate and SAN will be updated every year or 3 years depends on setup.
What is cert chain? Is it both intermediate and root together? If I see that these two are valid for many years to come can I just renew the identity cert and not worry about chain?
02-28-2023 05:47 AM
Correct the certificate are now for 1 year life time. This is where it put me in extra pre-work every year and keep track on the cert when its going to expire
for public certificate (I assume this is what you talking about) they are as said by you 1 year life time. when you generate the CSR for your certificate identity require and give this CSR to public CA they will generate/signed the cert (giving you the identity cert) with that they will give you the sub-ca and ca. normally the ca and sub-ca life windows is more than 5 or 10 year.
What is cert chain? Is it both intermediate and root together?
certchain include your Identity cert with sub-ca and ca
If I see that these two are valid for many years to come can I just renew the identity cert and not worry about chain?
correct
Example: I just check go daddy CA life time dates are as below
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide