Renewing a CA cert
Quick queston. If you renew the CA certificate you can choose to keep the same key pair or generate new keys. Generating new keys is obviously more secure, but is this then going to expire all of the certs that were created with the old pair? I can't find a definitive answer, but it seems logicial.
Decide what to be and go be it.