Mohan,
It is my understanding that it is the clients job to make sure the
certificate is valid, and if it is not, then it will terminate the
connection. With openssl, you can set the verify mode with
SSL_CTX_set_verify() so the client will ignore certificate errors, but as
the server it is your j
Hi,
Ok. I am just trying to understand the rules for refreshing an
intermediate certificate or any other certificate that has expired or
has been compromised without breaking the SSL connection.
Thanks,
Mohan
On Thu, Aug 19, 2010 at 9:06 PM, Sam Jantz wrote:
> Mohan,
> Unless the certific
Mohan,
Unless the certificate is self-signed there is no way to change the
information without having to invalidate it by signing it yourself anyway.
You would either have to get a new certificate from the same (or other
trusted) CA, and install that one, or (if it is self signed) generate a new
Hi John,
Yes. We do use SSL certificates. You can consider me a
newbie. I am just trying to understand the ways to roll an
intermediate or any other certificate that is going to expire soon
without causing an outage. Is that possible at all ?
(e.g)
If a certificate is compromised I
From: Mohan Radhakrishnan
> Is there any material that shows how to roll to new
> certificates using OpenSSL ? I am looking for a test case to
> understand how this works. Anyone know about this ?
Did you try to google something like "generate certificate openssl" or "openssl
certi
Hi,
Is there any material that shows how to roll to new
certificates using OpenSSL ? I am looking for a test case to
understand how this works. Anyone know about this ?
Thanks,
Mohan
__
OpenSSL Project