Re: [Openca-Users] Renew a Browser generated Certificate

Fri, 04 Jul 2003 03:03:21 -0700

Hi Baba,

sorry I didnt make my question clear enough...

I know about the theorie with keys and certs - but I am looking for the pratical solution for renewing the certs when the scheduled lifetime (1 year) is over....
Because the Certs are "only" expired and the keys are still safe I just want to refresh the timestamp on the certificate. So I think its enough to simply re-sign the public key of the users keypair.

I tried now to simply redo the Request (its stored in the database vor each valid certificate) and it seems to work. Mozilla reasigns the cert to the "old" keys and uses it together - I have to check Outlook now...

Oli


Babatunde A Jayeju-akinsiku wrote: 
Oliver
this is going back to basics. if you need to renew the old certs, then
you'll have to revoke the old ones, i don't think you need to regenerate the
keys (at least in principles) unless of course the keys are compromised.

Baba 


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Oliver
Welter
Sent: 04 July 2003 08:44
To: [EMAIL PROTECTED]
Subject: [Openca-Users] Renew a Browser generated Certificate


Hi Folks,


BIIIG problem :P
I have openca 0.9.1-1 running successfully and issued certificates to
some people. We chose client-side key generation (using Mozilla 1.3/1.4
on Win/Linux and IE 5x/6) - now everybody has a kind of p12 File with
his/her private Key and valid cert.
What I am looking for: It is possible to renew the cert without changing
the private key ?? How ??? Or must I create new keys every year this way
and should use server-side key gen ?

regards

Oliver



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users




-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to