Hi, we are using SSLv3 certs, and have a multi-master replication environment.

 

I have over 2000 clients currently using these CAs, and updating them to TLS seems highly disruptive.

 

Does anyone know of a way to add the updated TLS cert, while still honoring the old SSLv3 certs from clients?
Or perhaps a way to add new replicas in to the environment with the new TLS certs, but also add them in to the replication pool with the old SSLv3 systems?

 

Maybe a good guide/white paper on how to achieve this for PCI requirements?