I'm using OpenSCEP with openssl. My CA Certificate has just expired.
Now since our VPN sees very little use (only one important user) I'd like to re-issue
the x509 CA certificate with the same key but different attributes (a later expiry date).
Can this be done without re-generating every certificate ever issued from scratch ? The
real question here is do x509 certificates that have been signed by a CA certificate store a
hash of the CA certificate based solely on the CA's key or based on the full CA certificate including
it's attributes ?
Has anyone had any experience doing this ?
Thanks for any help,
Rory Chisholm
______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
