Am 30.04.2015 um 09:02 schrieb Nicolas Grelliere:
An other question concerning the scep mechanism, i have enrol a client to my PKI server. By default the renewal period is fixed to 14 days, during this period, if one client certificate is almost out of day how can i do to renew it ? I have just to use sscep as the example in the QuickStart guide ? Concerning the parameters on the sscep command :* Can i use the first csr certificate generated for the enrolment * Should i use the crt certificate almost out of date ?
The scep renewal process expects a new csr signed with the old certificate. Note that the Subject (at least the CN) of the new request must match the old certificate, the fastest was is to use openssl x509toreq option to generate a new key/csr from the old one.
You might also have a look at our sister project "certnanny", it is a wrapper around sscep that automates all those jobs.
Oliver -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
