Re: CA Question

[Michael Dickey <lonervamp () gmail com>]

Unless I'm missing some piece here, that should be ok as long as:
- the name the cert is tied to matches the router it is on
- the private key is moved as well
- the cert isn't expired yet


Even if you change your private key, chances are you can still just generate
a new private key on the new router, generate a new CSR, and submit it to
the CA to get reissued. Depending on the cert and CA, that is.

As a small caveat, I'm assuming you're fully replacing one router, so you're
not going to end up with 1 cert used in 2 places. While I don't think a CA
has any way to really enforce it, they do stipulate, usually, that it should
be used on just one production-level device.



On Mon, Apr 25, 2011 at 4:55 PM, Gibson, Samuel <gibsons () my uwstout edu>wrote:

>  Hello,
>
>
>
> This may be a bit of a silly newb question, but I was wondering if it is
> possible to transfer a certificate that has been signed by a CA (i.e.
> Thawte, Verisign) to a new device.  Consider the following situation:
>
>
>
> RouterA is using the signed cert for its remote access webpage.
>
>
>
> RouterA is intended to be upgraded by installing RouterB with the same
> config.  Is it possible to transfer the signed certificate from RouterA to
> RouterB in a way that allows it to remain valid, thus transparent to end
> users?
>
>
>
> Thank you very much for your time,
>
> Sam
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com