2

Suppose there are two organizations which share information with each other. Each organization installs an SSL certificate on its application server and provides the same certificate to the other organization so that they can communicate properly using SSL. Suppose both organizations install new SSL certificates prior to the expiry of the old certificates (15 days before the actual expiry). How can we check whether the newly installed certificates work or will work properly, i.e. that the handshake is proper, so as to avoid any error after the expiry of the old certificates if the new certificates were not installed properly?

Thanks in advance....

shinek

1 Answer

1

The easiest way to check that the certificates are working is to force usage of them for one connection. So one could make a live test by telling the other company to disable the old certificate for ~5 mins at a given time, and your company would do the same, and then you'd see if it works. You could roll back to the old certificates afterwards in case of error and still have some time to fix errors.

SEJPM
  • Thanks a lot for the reply. Can you tell me how to disable the certificate? By any command, or do we need to change the code? Also, let me know the best practice for installation of an SSL certificate, i.e. do we need to create a new truststore every time we install the other organization's certificate, or just append it to the existing truststore? –  Apr 11 '15 at 14:09
  • 1
    I think you install a certificate by copying it into the right location, so your server finds it. Now you could just temporarily move the old one to another location and have only the new one in this location. I'm not sure whether your corporations use self-signed certificates; if not, you don't need to alter the truststore. If so (-> self-signed), you'd need to replace the old certificate with the new one. –  Apr 11 '15 at 17:05
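
A variant of the test described in the answer, as an added example that is not part of the original thread: instead of disabling the old certificate on the live service, it serves the new certificate on a spare local port with `openssl s_server` and checks the handshake against three truststores (new only, old with new appended, old only). It assumes self-signed certificates, as raised in the comments; the certificates, subject names, file names and port 18443 are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. Certificates, subject names and the port are constructed.
WORK=$(mktemp -d)
PORT=${PORT:-18443}

# make_cert NAME: throwaway self-signed cert + key standing in for a real one.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=partner.example/OU=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# handshake_ok TRUSTFILE: true only if a TLS handshake with the test listener
# verifies against the certificates in TRUSTFILE.
handshake_ok() {
  openssl s_client -connect "127.0.0.1:$PORT" -CAfile "$1" \
    -verify_return_error </dev/null >/dev/null 2>&1
}

# result TRUSTFILE: print "ok" or "fail" for one truststore.
result() { if handshake_ok "$1"; then echo ok; else echo fail; fi; }

# run_check: serve the NEW cert on a spare port, then try three truststores.
run_check() {
  make_cert old; make_cert new
  cat "$WORK/old.crt" "$WORK/new.crt" > "$WORK/both.pem"   # appended truststore
  openssl s_server -accept "$PORT" -www \
    -cert "$WORK/new.crt" -key "$WORK/new.key" >/dev/null 2>&1 &
  srv=$!
  for _ in 1 2 3 4 5 6 7 8 9 10; do          # wait until the listener is up
    handshake_ok "$WORK/new.crt" && break; sleep 0.5
  done
  R_NEW=$(result "$WORK/new.crt")    # truststore replaced with the new cert
  R_BOTH=$(result "$WORK/both.pem")  # new cert appended to the old truststore
  R_OLD=$(result "$WORK/old.crt")    # truststore never updated
  # The new cert must also outlive the 15-day overlap window.
  if openssl x509 -in "$WORK/new.crt" -noout -checkend $((15*86400)) >/dev/null
  then R_FRESH=ok; else R_FRESH=fail; fi
  kill "$srv" 2>/dev/null; wait "$srv" 2>/dev/null || true
}

run_check
echo "new-only=$R_NEW appended=$R_BOTH old-only=$R_OLD valid-15d=$R_FRESH"
rm -rf "$WORK"
```

The old-only truststore is the failure the question wants to catch before the old certificate expires: the handshake is rejected because the peer never imported the new certificate.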