Hi Matthias, I had been working with a CSR from a subordinate CA in our organization so I didn't want to keep bothering him for a new CSR every time I changed an extension in the openssl.cnf. Thanks for the info on cert time out - I didn't know that. One question though, isn't cert lifetime tied to key length? Is it good practice to reissue a cert with the same keys?
Regards, Mike > Hi Mike, > > I am not sure, but in normal case you only revoke a certificate either > when the private key got lost / compromised or if you do not use it > any more. So it is ok when you can't reuse the public key. > > But perhaps you though of a certificate renewal. This is possible when > the certificate timed out. Then you can ask for a new certificate > useing the same public key as used before. > > Hope I could help you with this. > ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
