>I did not get a new or renewed certificate. Does it mean that I have to
>wait until a certificate has actually expired to be able to renew it?
Shouldn't have to - just revoke it.
see
http://remus.PrakInf.TU-Ilmenau.DE/ssl-users/archive8/0040.html
in the archive for step by step instructions of editing index.txt. to indicate
revocation.
run ca -gencrl to generate your crl (as if they're ever used by anything)
now run your x509 -x509toreq to get your new cert request
now ca should be able to sign it. No It should not have the same serial number.
A/
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
