Did X4 backup server ever see the light?

I think it did booted once when we reached int_max number of subdomains and blocked all issuance, but wonder if servers periodically change rolls between primary and backup
Thinking about it, i don't think boulder can change its issuer while not screw ocsp, so maybe R3 was X4 with new cert

I'm not quite following your question, but the X4 intermediate certificate has not yet (and likely never will) signed any certificates, no.

Backup signing keys are usually only used in situations where the original signing certificate has to be revoked (because of attacks, key material stolen, or key material lost). That will hopefully never happen. But in the unlikely case it does, there's the (or a) backup key/cert to switch to.

And it is not a server (or data center), but a private key + certificate.

1 Like

Mostly just the private key, as there might be a multiple of certificates issued around the keypair, cross-signed intermediates and such.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.