On Oct 24, 2011, at 1:00 PM, Raj Kettimuthu wrote: > I assume there is no need to resign the certificates issued by this CA. > > On Oct 24, 2011, at 10:08 AM, Joseph Bester wrote: > >> >> On Oct 24, 2011, at 9:16 AM, Lukasz Lacinski wrote: >> >>> A CA certificate in Globus Simple CA is generated for five years by >>> default. How to renew the certificate when it expires? >>> >>> Thanks, >>> Lukasz >> >> This isn't something that can be done with the globus-simple-ca scripts. >> However, the openssl command can do it. I think something sort of like this: >> >> openssl req -key ~/.globus/simpleCA/private/cakey.pem -new -x509 -days >> $((365 * 5)) -out /tmp/newca.pem -config ~/.globus/simpleCA/grid-ca-ssl.conf >> >> The path names might not be right for the conf file, I was basing this on >> 5.1.1. >> >> Joe >
Right. This command should generate a new CA certificate with the same key pair as the old one, so that certificates created by the old CA cert will continue to work with the new CA cert. Joe
