On 04/17/2017 09:32 PM, Heater, B. Roger wrote:
Our Self Signed Root certificate does not expire for
years, however,
our intermediate certificate, which is the default CA in DJIGZo and
the certificate that issued all of our individual users' certificates
expired at the end of March.
Is there a way for us to renew the default CA intermediate
certificate that has expired in DJIGZO so that the encryption
certificates for all the users do not need to be recreated?
Unfortunately that is not possible with the CA certs generated with
CipherMail. The best thing would be to create a new CA (root and
intermediate) and make sure it's valid for a very long period (for
example 20 years). The existing keys can still be used for decryption in
case some sender still uses the old certificates.
Instead of using the built-in CA, you might consider using an external
CA and create the root and intermediate(s) externally and then import
them into CipherMail. This might give you more flexibility. The built-in
CA is not as feature rich as a full blown CA server.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
https://www.ciphermail.com
Twitter:
http://twitter.com/CipherMail