摘要:
A host/agent system and security-certificate-management infrastructure enhanced to provide backward compatibility, despite launching of new administrative host processes employing new software versions, to avoid regenerating and redistributing security certificates to existing agents. Certificate management is removed from the administrative host process and embedded within a new certification-authority entity. The new certification-authority entity generates new digitally signed security certificates using the previously generated host private decryption key, inherited as the new CA private decryption key by the CA. The administrative host software can be upgraded to a new version that includes security-certificate-management tools provided by a new vendor, without the need for generation of a new encryption/decryption key pair for verifying and digitally signing security certificates and concomitant obsolescence of the existing, already distributed security certificates.
展开