Hi folks
I'm planning to use OpenXPKI to do general in-house PKI management (server cert
requests / publishing / CRLs/ renewals).
The issue is with renewals: in doc it's covered by 3 sentences, one of them
makes completely no sense to me:
"Request renewal by sending a new request signed with the existing certificate.
"
Isn't scr signed with corresponding priv key? What does it suppsoe to mean
"signed with existing cert"?
Further:
"Best strategy is to create the new request from the old certificate to ensure
the subjects match."
Ok, I do get that openxpki does not support renewing with re-use of original
priv key. but if generate new priv key and make csr out of existing cert (to
make sure subject matches exactly) and feed that csr into new cert request I'm
obviously getting "PKCS10 signature is not valid"
What am I missing? Or what the exact steps (in UI?) I need to follow for this.
Thanks
Sergei
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
