Hi Chris/Pierre,

Chris Covell wrote:
Pierre,

Then I need another explanation concerning Serial numbers and DNs.
I notice that when I renew a request, the new request and certificate
will have a new serial number and therefore a new DN.
So my newbie question not only concerns OpenCA:
Is it possible to renew a certificate without changing the DN info? That
is only changing the "not after" field, because, actually, this is the
only thing I am really concerned about when renewing a certificate.
Does other CA software behave differently with renewals?


I have not played with this, but you can't have a new certificate with the same serial number (as this is in the database etc). I don't know what happens if you do not include the serial in the cert.

In this case you must first revoke the "old" cert (or wait until it has expired) and then create a new one.
It IS possible to have concurrent certs with the same DN, but you need a recent version of openssl (somewhat beyond 0.9.8 beta AFAIK).

Oliver
--
This message was digitally signed
oliwel's public key: http://www.oliwel.de/oliwel.crt
Base certificate: http://www.ldv.ei.tum.de/page72
