Tag Archive

Have you ever had to rotate the certificates for a root authority? It’s not what you’d describe as a “fun time” - unlike your usual certificate rotation, a root CA rotation means ensuring all of your clients also trust the new root authority. If you have been oh so careful - careful beyond what might be expected of any human, let alone any group of humans - you might be able to simply update the system trust stores on all of your hosts. If you’re using Windows and Active Directory, all the better.

“It’s okay,” I thought to myself. “I have backups. It’s fine.” But it wasn’t fine.