On Fri, Dec 06, 2013 at 12:46:35AM +0100, Adnan RIHAN wrote: > Actually, I've also asked on Stackoverflow.
Except that the answer is wrong if you have the private keys of the issuing CA or you're willing to generate a similar new CA whose private key you generate. A CA can resign an existing certificate, by modifying selected fields, and generating a new signature. That's what the code I posted does (it updates only the validity interval). > Usually, I don't > really like the ``why would you do that'' answers, but this --- > Is really good :D > > http://stackoverflow.com/questions/20407965/changing-validity-of-existing-pki-certificates If you don't need to or prefer not to test with your original certificates, and are willing to use a different test-rig, then of course you can do that. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
