Expired CA Certificate
am 10.02.2004 14:13:30 von Rory Chisholm
This isn't totally modssl related but maybe someone knows the answer.
I'm using OpenSCEP with openssl. My CA Certificate has just expired.
Now since our VPN sees very little use (only one important user) I'd like
to re-issue
the x509 CA certificate with the same key but different attributes (a later
expiry date).
Can this be done without re-generating every certificate ever issued from
scratch ? The
real question here is do x509 certificates that have been signed by a CA
certificate store a
hash of the CA certificate based solely on the CA's key or based on the
full CA certificate including
it's attributes ?
Has anyone had any experience doing this ?
Thanks for any help,
Rory Chisholm
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
RE: Expired CA Certificate
am 10.02.2004 23:04:35 von fdyanez
We recently had a problem with our Verisign Intermediate CA Certificate.
This link (https://www.verisign.com/support/site/caReplacement.html) points
to how they said to fix the problem. Your case may be similar.
Florian Yanez
Manager of Technical Systems
Helzberg Diamond Shops, Inc.
fdyanez@helzberg.com
816-627-1253
-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Rory Chisholm
Sent: Tuesday, February 10, 2004 7:14 AM
To: modssl-users@modssl.org
Subject: Expired CA Certificate
This isn't totally modssl related but maybe someone knows the answer.
I'm using OpenSCEP with openssl. My CA Certificate has just expired.
Now since our VPN sees very little use (only one important user) I'd like
to re-issue
the x509 CA certificate with the same key but different attributes (a later
expiry date).
Can this be done without re-generating every certificate ever issued from
scratch ? The
real question here is do x509 certificates that have been signed by a CA
certificate store a
hash of the CA certificate based solely on the CA's key or based on the
full CA certificate including
it's attributes ?
Has anyone had any experience doing this ?
Thanks for any help,
Rory Chisholm
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org