Arsen, Arsen Hayrapetyan wrote:
<snip>
However, if your CA root certificate is expiring soon, isn't it better idea to do a re-key (of course, if it is allowed by your policy) than to continue to use the old key-pair? (It is safer to do re-key time to time than use the same key-pair for a long period)
I forgot to ask, *how* do you re-key? Does re-keying mean using the original .csr? Can what Jason Haar did be made to work such that the 'new' version of the root CA certificate will authenticate web server certificates issued with the 'old' root CA certificate?
Thanks, -- Greg Vickers Project Manager, IT Security Information Technology Services Queensland University of Technology L12, 126 Margaret St, Brisbane Phone: (07) 3864 9536 Mobile: 0410 434 734 Email: [EMAIL PROTECTED] IT Security web site: http://www.its.qut.edu.au/itsecurity/ CRICOS No. 00213J ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
