On 29/07/2016 06:13, asmarner at yahoo.com wrote: > Hi, > > I am new to SSL stuff. > > I was wondering whether the CA chain of a certificate can be changed. > > Let say the initial chain is > > Server->Intermediate CA1->Intermediate CA2->Root CA > > and during renewal we have Server->Root CA > > > Renewal creates a brand new key with a brand new certificate, which can (and often does) have an entirely new chain.For example: Server cert 2014->Big Name Intermediate G2014->Big Name Root CA R2010 Server cert 2016->Big Name Intermediate G2016->Big Name Root CA R2015 Also, it is possible to have more than one chain leading to the same server cert, with the possibility to reconfigure the server to send a different one of those chains: Server cert->Intermediate CA1->Intermediate CA2->Root CA1 Server cert->Intermediate CA1->Root CA2 Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
