> > I would replace your public-facing SSL keys/certificates if I were you. That's of little value until the old certificates get out on a CRL. > That's relatively easy. Assuming that your CA can handle a few million revocation requests all at once. Jim