Lutz Jaenicke wrote:
On Fri, Feb 07, 2003 at 05:39:21PM +0100, Michael Bell wrote:
...
I think the following about the options:
- 3 and 4 are obsolete
- 2 is the best way but you have to patch OpenSSL
- 1 is the default way if you can accept another DN for the new certs
I hope one of these options work for you. What do you think about them?
As I stated above, having a second certificate for the same DN _and_ the
same public key was possible with manually tricking around with OpenSSL.
Netscape even can handle this situation (several certificates with the same
private key) and will automatically use the correct (valid) one.
I also cannot see a reason to not use this technique... Do you see one?
No.
Have a nice weekend
Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
