Workshop (to be) held on 2015/04/16 at 17:30 in daveruss's bay
- Generate new CA cert - Done!
- Reconfigure apache to accept both CA certs - Done!
- Add 'CA' field to the certificates table and model - Done!
- Pair certificates up with their CA - Done!
- Generate the appropriate CA config for the openvpn tunnels - Done!
- Modify the new-node key-signing script to do the right-thing with the new CA config - Done!
- Modify the re-key script to do the right-thing with the new CA config. - Done!
- Test extensively (optional)
- Generate new https cert for auth2.sown.org.uk
- Magically get all the nodes to switch to the new ca and new https cert at the same time.