On Wed, Jan 28, 2004 at 02:28:47AM -0800, Kathiravan Velusamy wrote:
>
> Hi,
>
> The process of renewing a self-signed certificate once it has expired is as follows:
[snip]
> $patch renew-server-cert.sh < user-patch
That should be $patch renew-user-cert.sh < user-patch
Sorry for that typo. Inc
Hope it is useful for you
Regards,
Kathiravan
www.visolve.com
- Original Message -
From: "Gerd Schering" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 22, 2004 3:34 PM
Subject: revoking expired certificates
> Hi,> > It is po
What if my cert happened to expire 1 month later? Would that mean if someone
did compromise my cert and sent signed e-mails before it expired (but
*after* I added to the CRL), then after it expires, that signed e-mail
would appear VALID - as it wouldn't be in the CRL anymore?
No, it will be in the
On Thu, Jan 22, 2004 at 10:44:31AM -0500, Rich Salz wrote:
> Why? If I signed something last week, and the certificate was valid
> last week, isn't the signature still good? There are some people who
> feel differently. It probably all depends on legal and regulatory
> context. Is the wet si
But let me be somewhat more specific. If I use the openssl ca utility,
it is technically possible to revoke a cert which has expired for
instance for one year. If I generate a CRL (via the ca utility) the cert
appears on the CRL.
Does this make any sense?
The crl tool has to be able to include a
Rich Salz wrote:
Gerd Schering wrote:
Hi,
It is possible (via the ca utility) to revoke certificates that
already have expired.
Hard to say. The ITU X.509 standard says that if a certificate is
revoked, it stays on the CRL for one CRL past its expiration date. In
other words, if the order
