Initial situation:
For the automatic obtainment of certificates via MPKI, the certificate provider (CA) is to be changed.
Question:
1.What happens to the existing certificates of the former provider?
Answer:
Unless the certificates are revoked, they remain valid until the end of the validity period.
2.Will expired certificates of the old CA or manually imported certificates be automatically replaced by new certificates of the CA currently set in the MPKI?
Answer:
Provided that the automatic renewal of certificates (Automatically renew expiring certificates if validity days left less than) has been activated in the MPKI settings of the corresponding provider, it is irrelevant which CA has created the expiring certificate. The renewal process is based exclusively on the validity of the respective existing certificate with the longest validity period.
Exception:
For self-signed certificates, please refer to the note on the option (Automatically renew expiring certificates if validity days left less than) of the corresponding MPKI provider.
|
Since the CA to be replaced can no longer be reached by the SEPPmail Secure E-Mail Gateway after changing the MPKI configuration, the certificates of this CA can no longer be revoked by the SEPPmail Secure E-Mail Gateway. If it is desired to work with the certificates of the new provider as of the point in time of change, •the certificates of the provider to be abandoned will have to be revoked before the change in configuration, •and, after changing the configuration, the new obtainment of certificates via the option Automatically create certificates for active users without certificates will have to be activated for all users in the MPKI settings of the current provider
|
