On Tue, Jul 18, 2006, Michael P. Soulier wrote: > Hello, > > If I'm using openssl to manage a CA, and I need to issue a new cert with > the same CN as a previously issued Cert, is it enough to revoke the > previous cert with that CN? >
Note that there is no problem issuing a certificate with the same CN, i.e. commonName. I think you mean the same DN. Note that CN is just one (optional) field in the DN. If the CN fields are the same but other fields differ that's not a problem. By default to retain compatibility with older versions OpenSSL 'ca' will complain if a certificate exists with the same DN. There is an option to turn off this behaviour. See the manual pages for details. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
