0

(I deleted the earlier question. Rephrasing here for more clarity from my POV).

In my network, I do have one private CA who had issues certificates to 100 machines. Each machine has its expiry date different than others.

If this certificate gets expire then the underlying machine will not be able to communicate with anyone in the network.

I can execute a cron job or something to keep a watch on their expiry date. Also can schedule a script to execute to download a new certificate before its expiry. But here I don't know how to request CA to release a new certificate for the underlying machine.

Do I have to send CSR?

  • If yes then how to send CSR to CA.
  • If no then what/how to request CA.

Please note that all machines in this case are in a private network. (Honestly, I am not sure how these certificates were installed at first place)

SHW
  • 14,786
  • 14
  • 66
  • 101
  • 2
    Question is too broad: a CA is a certificate. It doesn't do anything by itself. A PKI (Public Key Infrastructure) is a software to manage CA and to create child certificates. So the real question is : what PKI are you using ? How did you generated the CA ? And the certificates signed with it ? – binarym Jul 13 '21 at 13:43
  • A workflow using openssl: https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/. Google has more. – berndbausch Jul 13 '21 at 15:02

0 Answers0