Hi, The cert of the CA has expired. I've renewed the CA cert using:
openssl x509 -in cacert-old.pem -days 3650 -enddate -out cacert.pem -signkey private/cakey.pem I've also deleted the old CA cert from the mail client (thunderbird) and install the new CA cert. My existing personal cert seems to be validated by this new CA cert just fine. However, thunderbird thinks that the existing mails signed by my personal cert are invalid because "the certificate used to sign the message was issued by a certificate authority that you do not trust for issuing this kind of certificate". Is this the normal behavior or I did not renew the CA cert properly? I did notice that the new CA cert uses sha1WithRSAEncryption as the signature algorithm while the old one uses md5WithRSAEncryption. Is this the problem? If so, how to correct it? Thanks! ----- -- Kent Tong Wicket tutorials freely available at http://www.agileskills2.org/EWDW Axis2 tutorials freely available at http://www.agileskills2.org/DWSAA -- View this message in context: http://www.nabble.com/renewing-a-CA-tp23497730p23497730.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
