mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-28 14:11:10 +01:00
Code Issues Projects Releases Wiki Activity

Update index.html.md

Browse Source
This commit is contained in:
Jeff Mitchell 2017-04-18 15:50:44 -04:00 committed by GitHub
parent 32854c8066
commit cb0b22031d
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
website/source/docs/secrets/pki/index.html.md
View File

@ -66,8 +66,8 @@ This also provides a convenient method of switching to a new CA certificate
while keeping CRLs valid from the old CA certificate; simply mount a new
backend and issue from there.
A common pattern is to have one mount act as your root CA, which is only
used for signing intermediate CA CSRs mounted at other locations.
A common pattern is to have one mount act as your root CA and to use this CA
only to sign intermediate CA CSRs from other PKI mounts.
### Keep certificate lifetimes short, for CRL's sake