> From: owner-openssl-us...@openssl.org On Behalf Of Mohan Radhakrishnan > Sent: Monday, 16 May, 2011 00:13
> Not sure why I mixed up the order earlier but this procedure works. > > If the old leaf is first in the .pem file followed by the > new intermediate and the old root the intermediate is renewed > successfully. I have to use the already existing chain alias. > (To be exact: the alias for the existing *privatekey* entry, which *includes* the chain.) > I think this is what should have worked for you too ? > Yes that did work for me, and now for you. Another way that works and I prefer is old leaf plus new intermediate and NO root, because as I explained there's no benefit to having the root in the privatekey entry. But you were already using with-root, and I guess you want to continue doing so, and it does no harm. <snip earlier> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
