No, that should not be true - as long as the subject name of the issuer does not change and the key pair is reused, then any previously issued certificates should still verify against the issuer. Note that the thumbprint will be different, in case that is used anywhere to track the cert.
.................................... Erik Tkal Juniper OAC/UAC/Pulse Development -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John R Pierce Sent: Wednesday, May 11, 2011 12:47 PM To: openssl-users@openssl.org Subject: Re: Replace renewed intermediate certificate in the keystore chain On 05/10/11 11:03 PM, Mohan Radhakrishnan wrote: > > Hi, > > I have checked my keystore and truststore and the intermediate > certificate alone is going to expire. > as I understand it (vaguely at best), if the intermediate certfiicate expires, that invalidates any certificates it generated, so you will need to regenerate and replace all child certificates too. ... ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
