Hi guys, We are near the end of a migration from one PKI chain to another within the same forest. To complete the migration I would like to retire the old CA's entirely rather than "age them out" - currently the CA is not issuing any certificates but it's CRL is still in use and is valid until mid-2013. I was wondering whether I would be able to supercede the templates in use - specifically client (Computer templates) used for Wireless authentication - and thus trigger enrolement by all clients for new certificates issued by CA's in the new chain. Would this revoke/invalidate existing certificates and thus break wifi connections, or would current certificates still be valid whilst clients enrolled for the new certificate using the new template? Any thoughts/suggetsions appreciated - hopefully the above makes sense.... thanks :)MCTS 70-640 | MCTS 70-642 | Prince2 Practitioner| ITIL Foundation v3 | http://www.cb-net.co.uk

Superseding will cause the client to delete or archive the old certificate and replace it with a new one based on the new template. /Hasain

Superseding will cause the client to delete or archive the old certificate and replace it with a new one based on the new template. /Hasain So the client will keep the current certificate (i.e. the CA will not revoke it) until it is able to request a new certificate? Thus not affecting wireless connectivity that is using the current certificates?MCTS 70-640 | MCTS 70-642 | Prince2 Practitioner| ITIL Foundation v3 | http://www.cb-net.co.uk

Yes, the old certificate will be kept until the new request has been completed successfully! /Hasain

Yes, the old certificate will be kept until the new request has been completed successfully! /Hasain