On Wed, Oct 17, 2007 at 09:49:15PM +0100, G.W. Haywood wrote:
> "Is it possible to extend the expiry of this certificate without
> changing any other fields in the certificate?"
>
> to which it seems that the answer is
>
> "Yes",
Actually it is "no", because the certificate needs a new signature block.
But the more interesting question is what verifiers will make of the
new cert, and the answe is that they won't trust it unless reconfigured
to do so.
> although one might add that the resulting certificate could be viewed
> by some as a different certificate. In that case, the next question
> would be "Is it valid?", to which the answer would also presumably be
>
> "Yes".
If the signature block is not updated (new cert generated with nearly
identical fields), the cert is invalid. If a new valid cert is generated,
it is untrusted.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
