The Org CA in our tree was set up as subordinate to our MAD CA in accordance with the instructions in TID 3090028. This has been working fine for us but the SubCA certificate is due to expire in about six weeks so we need to renew the certificate. Looking at TID 7013047 the way to renew an expired (or in our case due to expire) CA is to delete it and create a new CA. This is straightforward in the case of a CA that is not subordinate, of course.

I am guessing that we need to take a similar approach to delete and recreate the Org CA but will need to follow the steps in TID 3090028. However from my re-reading of the TID I don't think that I need to follow Step 2 as we already have the trusted root container and trusted root object from when we first set up the Subordinate CA. Is this correct?


Stuart Kett