Richard Crowley edited this page Apr 13, 2014 · 8 revisions
If your root CA's private key leaks, you're out of luck and have to burn the whole PKI to the ground. If you have bad, but slightly less bad, luck and only your intermediate CA's private key leaks, you can recover.
First, revoke every certificate issued by the compromised intermediate CA:
TODO
Next, revoke the intermediate CA certificate:
certified-ca --revoke
Finally, regenerate all the certificates previously signed by the intermediate CA:
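Added example, not from the original page or the certified project: the first and last steps both work from the list of certificates the intermediate CA issued that are still marked valid. This sketch builds that list, assuming the CA keeps an OpenSSL `ca`-style `index.txt` database (an assumption; the function names and sample rows are constructed for illustration).

```shell
#!/bin/sh
# Added example: inventory of certificates issued by a compromised intermediate CA.
# Assumption: the CA keeps an OpenSSL `ca`-style index.txt database. Each row is
# tab-separated: status, expiry (YYMMDDHHMMSSZ), revocation date, serial, file, subject.

# list_outstanding INDEX_FILE (hypothetical helper)
# Prints "serial<TAB>subject" for every row still marked V (valid).
# Rows marked R (revoked) or E (expired) are skipped: clients already reject them.
# A row that does not have exactly six fields makes the function return non-zero,
# because a silently skipped row is a certificate that never gets revoked.
list_outstanding() {
    awk -F '\t' '
        NF != 6   { bad = 1; next }
        $1 == "V" { print $4 "\t" $6 }
        END       { exit bad + 0 }
    ' "$1"
}

# sample_index (hypothetical helper): constructed database rows, not real certificates.
sample_index() {
    printf 'V\t250101000000Z\t\t01\tunknown\t/CN=www.example.com\n'
    printf 'R\t250101000000Z\t140401120000Z\t02\tunknown\t/CN=old.example.com\n'
    printf 'V\t250601000000Z\t\t03\tunknown\t/CN=api.example.com\n'
    printf 'E\t130101000000Z\t\t04\tunknown\t/CN=expired.example.com\n'
}

# Demo: write the constructed database to a temporary file and list what is outstanding.
demo_index=$(mktemp)
sample_index > "$demo_index"
list_outstanding "$demo_index"
rm -f "$demo_index"
```

Every subject it prints has to be revoked under the old intermediate and then reissued under the new one.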