Re: PEM_read_PrivateKey does not return private key
Hi, I have a private CA certificate created using openssl command line. The issue is that the certificate expires on 19th Oct, 2007. The question is that Is it possible to extend the expiry of this certificate without changing any other fields in the certificate? Basically, I want to continue using this CA Cert to sign end-user certs for a longer time. Any help will be appreciated. Thanks.
Re: PEM_read_PrivateKey does not return private key
I have a private CA certificate created using openssl command line. The issue is that the certificate expires on 19th Oct, 2007. The question is that Is it possible to extend the expiry of this certificate without changing any other fields in the certificate? Basically, I want to continue using this CA Cert to sign end-user certs for a longer time. Any help will be appreciated. Thanks. Use the same key and the same DN and the cert will continue to act as a valid CA for any other certs you have signed. However, any site that has cached your CA cert will have to get the new one. Theirs will expire soon. Jim __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: PEM_read_PrivateKey does not return private key
On Wed, Oct 17, 2007 at 12:43:03PM -0700, Jim Fox wrote: I have a private CA certificate created using openssl command line. The issue is that the certificate expires on 19th Oct, 2007. The question is that Is it possible to extend the expiry of this certificate without changing any other fields in the certificate? Basically, I want to continue using this CA Cert to sign end-user certs for a longer time. Any help will be appreciated. Thanks. Use the same key and the same DN and the cert will continue to act as a valid CA for any other certs you have signed. Also the same serial number and authority identifier in v3 extensions if present in the expiring CA cert, for example: ... Serial Number: c5:30:80:16:44:78:d9:12 ... X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: F1:EF:77:42:18:C4:D6:E2:6D:1C:3D:A8:02:BE:E2:F3:E4:6E:50:40 X509v3 Authority Key Identifier: keyid:F1:EF:77:42:18:C4:D6:E2:6D:1C:3D:A8:02:BE:E2:F3:E4:6E:50:40 DirName:CA DN serial:C5:30:80:16:44:78:D9:12 ... If any of this information changes, certificates will fail verification. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]