On Thu, Apr 20, 2006 at 04:42:53PM +0100, John Francis wrote:
> A word of warning, this was done to satisfy some test data.
>
>
>
> In fact you shouldn't be doing this at all.you should create a new private
> key..
>
>
>
> The only reason to preserve the old private key is if there is some
>The only reason to preserve the old private key is
>if there is something out there signed with it and
>if this is the root CA and its public cert has expired
>you really shouldn't allow anything out there to remain
>valid anyway. By issuing a new cert with the old key you
>are actually allowing
users@openssl.org'
Subject: RE: Refreshing a self
signed root certificate
openssl req -new -x509 -key
F:\MyCAs\MyRootCA\private\cakey.pem -keyform PEM -out cacert2.pem -outform PEM
seems to work…
openssl req -new -x509 -key
F:\MyCAs\MyRootCA\private\cakey.pem -keyform PEM -out cacert2.pem -outform PEM
seems to work…
I have an openssl CA.
I have previously created a self signed Root
certificate.
However this certificate has now expired.
How can I “refresh” the certificate (
i.e. create a new one with a later expiry date ), but still use the old private
key so that all the other certificates issue
