Hi Pierre,
On Thu, 19 May 2005, Chris Covell wrote:
Pierre,
Then I need another explanation concerning Serial numbers and DNs. I notice that when I renew a request, the new request and certificate will have a new serial number and therefore a new DN. So my newbie question not only concerns OpenCA: Is it possible to renew a certificate without changing the DN info? That is only changing the "not after" field, because, actually, this is the only thing I am really concerned about when renewing a certificate. Do other CA software behave differently with renewals?
I have not played with this, but you can't have a new certificate with the same serial number (as this is in the database etc). I don't know what happens if you do not include the serial in the cert.
You can exclude the serial from the DN. Then, if "unique_subject=no" is present in the openssl.cnf (in the [CA_default] section), you can issue more certificates with the same DN. I think the default setting for this is yes (yes is assumed, if "unique_subject" is not present in the file), though I'm not completely sure about that. I cannot, however, comment on re-certifying the same key with the same DN, as I have always used new keys when issuing a new cert with an already existing DN (don't ask me why). Hop this helps,
Cheers
Szabolcs
Chris...
------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
