> It seems to me that the OP is indeed asking something else entirely > different from the question which you yourself seem to have posed and > then immediately failed to answer. He's asking > > "Is it possible to extend the expiry of this certificate without > changing any other fields in the certificate?" > > to which it seems that the answer is > > "Yes",
How could the answer be anything other than yes? Could there be some mysterious force that compels you to change other fields? Or you can argue that the answer is "no", since you have to at least change the signature and you pretty much have to change the serial number. And the OP replies: > Yes. Thats what I was trying to ask. So, how can I change the > expiry date of an existing certificate without changing any > other field ? Is there any openssl command that I may use ? Did you not read or understand my answer? There is no difference between changing the date on the old certificate and issuing a new certificate. If you know how to issue a new certificate, you know how to change the date on an existing one because THERE IS NO DIFFERENCE BETWEEN THESE TWO THINGS other than philsophical differences. If you issue a new certificate that is the same as the old except for the serial number, how will anyone know you didn't just change the serial number on the old one? Will they somehow be the same bits and not new bits? IT MAKES NO DIFFERENCE. The question, as asked, is purely philosophical. Just issue a new certificate the same way you issued the original one, changing only the expiration date (and the signature, if you want). Tell everyone you changed the expiration date on the original, they won't be able to tell that you're lying. If you don't know how to or can't issue a new certificate with a new expiration date, then you can't change the expiration date on the old one either. Why? BECAUSE THEY'RE THE SAME THING. They're just two different ways of saying the same thing. If your driver's license expires, you can change the expiration date on the license and reprint it. Or you can get a new license with a new expiration date. The difference is -- wait for it -- nothing at all. It's the same thing. The same procedure to "issue a new license with a new expiration date" can be said to "reissue the original license with a new expiration date". The only thing that makes it "new" or "reissued" is the difference between the two licenses which is just the expiration date! Sorry if this sounds like insane ranting. I'm really trying to be helpful, but it seems like it didn't sink in the first time. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
