Am I reading the 0.9.8 documentation correctly, that there is no way to get 'openssl req' to read in a CSR, generate a new keypair, and write out a new CSR and private key? Because that would be mighty handy for ordering renewals while not allowing the private key to go stale. Like:
openssl req \ -in 2007.csr \ -newkey rsa:2048 \ -out 2008.csr \ -keyout 2008.key Yeah, I could generate a completely new CSR with the constant data filled in using a custom config, IF I had built the original CSR that way, but I didn't. :-( Maybe I will go ahead and make one for next year. -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Typically when a software vendor says that a product is "intuitive" he means the exact opposite.
pgpwLwFBU4rOO.pgp
Description: PGP signature