In message [EMAIL PROTECTED] on Tue, 25 Mar 2003 16:50:01 +0700, Blue-Boonchai
Aussawasongsilp [EMAIL PROTECTED] said:
boonchai.a i serach some information and summarize by myself is
boonchai.a renewal = same key,same subject and new serial .
boonchai.a
boonchai.a but i test renewal cerificate with signed document by old cert.
boonchai.a it's not work i mean can't replace renewal cert to old cert completely.
boonchai.a ex, i encrypt with old cert but can't decrypt with renew cert.
boonchai.a
boonchai.a and i gen new cert which same key,same subject and same serial ,test with
boonchai.a old cert
boonchai.a result it's completely replacement
boonchai.a i mean , i encrypt with old cert and can decrypt with new cert (same
boonchai.a serial).
boonchai.a
boonchai.a this is my problem
boonchai.a i think renewal = same key,same subject and new serial and completely
boonchai.a replacement
boonchai.a but completely replacement requrie same serial
boonchai.a
boonchai.a really, renewal ceritificate is same/new serial ??
boonchai.a renewal should completely replacement???
From a PKI theory point of view, if you have a new certificate with
the same key, you should have no problems, since the key is what you
use for decryption. The serial number is irrelevant at this point.
However, if the software in question has, for some reason, been
foolish enough to store a hash of your old cert, or something
containing the old certificate's serial number, and needs that data to
match, I can see where your problem is.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
