Thanks
So I need to keep request files as I keep cert files...
I think renewal is interesting because we don't think the validity period of
certs is determined by their weakness but by an internal policy of users and
CRL management. In an organisation delivering certificates to its members, we
don't know how long they will stay there and so can't deliver long-time
certs. So the renewal has some long-term benefits for users (e.g when using
secure mail).
Regards.
Maxime
> Maxime Dubois wrote:
> >
> > I generate user certificates with IE and Netscape by using Xenroll dll
> > and Keygen, I want to know if I can renew a certificate: revoke the old
> > one but generate a new certificate for the SAME key pair.
>
> If you store the certificate requests (SPKAC in case of Netscape
> Navigator or PKCS#10 in case of M$ IE) you can issue new
> certificates for the same key pair later.
>
> But think again if certificate renewals make sense. It depends on
> your security considerations.
>
> Ciao, Michael.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
