Hello all!
I've developed a solution that leverages openssl (through COM) for certificate management. We have our own internal CA and we have issued over 500 X.509 client certificates for accessing sensitive information on our customer support site. It works great! Today, we hit a problem. For whatever reason a cert that we issued expired too early for one of our customers (typo during request signing?). We have a database "index.txt" that contains the expired cert, but it's still listed with a "V". I can't figure out a way to properly expire this certificate so that it (openssl) will allow me to re-issue another one with the same DN. What I've done as a workaround is manually modify the DN in the index.txt file so that the DN doesn't match. It's working for now, but I fear that down the road when all 700 of our client certs will need renewal or re-issuing, we will hit some serious problems.
What is everyone's experience on this matter? I have dug through the docs and googled my eyes out, and have turned up nothing except a page that mentions 'revoking' then re-issuing. I don't want to revoke the cert, as it's already expired, but since it's expired, shouldn't I be able to let openssl know that and allow me to issue another cert with our CA under the same DN??
Many Thanks!!
-Sean-
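The condition described in the post above, rows in `index.txt` that are still flagged `V` after their expiry time, can be found by parsing the file. This is an added example, not part of the original post and not OpenSSL project code; the sample rows, DNs and the fixed reference time are constructed, and the field layout assumed is the six tab-separated columns that `openssl ca` writes.

```python
from datetime import datetime, timezone

# Constructed sample index.txt. Tab-separated fields per row:
# status (V/R/E), expiry, revocation date, serial (hex), filename, subject DN.
SAMPLE_INDEX = "\n".join([
    "V\t240101000000Z\t\t1001\tunknown\t/C=US/O=Example Corp/CN=customer-a",
    "V\t300101000000Z\t\t1002\tunknown\t/C=US/O=Example Corp/CN=customer-b",
    "R\t260101000000Z\t250101000000Z\t1003\tunknown\t/C=US/O=Example Corp/CN=customer-c",
    "E\t230101000000Z\t\t1004\tunknown\t/C=US/O=Example Corp/CN=customer-d",
]) + "\n"


def parse_asn1_time(value):
    """Parse UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    digits = value.rstrip("Z")
    if len(digits) == 12:  # UTCTime: RFC 5280 maps 00-49 to 20xx, 50-99 to 19xx
        century = "20" if int(digits[:2]) < 50 else "19"
        digits = century + digits
    if len(digits) != 14:
        raise ValueError(f"unrecognised time field: {value!r}")
    return datetime.strptime(digits, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_index(text):
    """Yield one dict per index row, skipping blank lines."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        status, expiry, revoked, serial, _filename, subject = fields
        yield {"status": status, "expires": parse_asn1_time(expiry),
               "revoked": revoked or None, "serial": serial, "subject": subject}


def stale_valid_entries(text, now):
    """Rows still flagged V although their expiry time is already past."""
    return [(row["serial"], row["subject"]) for row in parse_index(text)
            if row["status"] == "V" and row["expires"] <= now]


if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed for a repeatable run
    for serial, subject in stale_valid_entries(SAMPLE_INDEX, now):
        print(f"serial {serial} is expired but still marked V: {subject}")
```

Running `openssl ca -updatedb` against the same CA configuration is the step that rewrites such rows from `V` to `E` in the index.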