I have been trying to renew a certificate geterated for signing emails.
The renew goes ok. first revoke old one then resign req with new end date
etc. and I can use the new certificate ok.

However if I try and open an "old" email sent from home using my old
certificate to sign it - I can't Outlook can't find the private key for
the message. But if I put the expired certificate back on my windows box
it does find it and all is well.

Does this mean to open old email I allways need to leave my expired certs
on the PC, or Have I not managed to re-sign the certificate properly? Or
is this just the way it works?

I have investigated; and the new certificate has a different serial number
to the old one, if I "fidle" the certifate number and for openssl to
re-sign the certificate with the same serial number - it works! But I am
sure you are not suposed to do this!

Anyone any ideas, suggestions?

DEREK
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to