Krzysztof Ryba a e'crit : > Hello > > Three months ago Nicolas Vahlas wrote, but there was no answer: > >> I have an installation of OpenCA where the CA certificate has expired. >> This was a self-signed CA certificate. >> I would like to renew this certificate i.e. extend the expiration date >> without change the rest of the certificates data. >> >> Is there a way to do this ? >> >> What if I use the "General" > "Initialization" > "Initialize the >> Certification Authority" > "Self Signed CA Certificate (from altready >> generated request)" functionality of the OpenCA web interface ? >> >> If not, should I use OpenSSL directly ? How is this possible ? >> >> >> > > Now I have very similar problem: I have to issue certificate for user > which will be valid for next 24 months but unfortunately CA self-signed > certificate is going to be expired in 11 months so I have to f.e. extend > the expiration date of CA cert. > > Is is (and if) how to do this? Could anyone help and give me/us some hint. > > Regards, > > Unfortunately a CA certificate should not be renewed before the pki infrastructure has became obsolete !! Thus the CA certicate always have serial number 0. Working around this problem could be done using openssl but this should not be recommended.
When i encountered a similar problem , i redifined a new pki infrastructure from the scratch and provide new certificate to all the old users. Sorry, Dominique ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
