Tell me please what will happen if my ssl CA server is decommissioned and I am using certificates signed by this CA to establish connection between internal Apaches and reverse proxies Apaches?
SSLVerifyClient properties in Apaches are set to default.
Do you have CRL checking enabled on any of those systems?
If you don't have CRL checking enabled, then removing the CA shouldn't really mean much. You would still need the CA cert to validate the per-server certificates.
The certificates will eventually expire, and you will need to issue new certificates, or reconfigure your system.
