Hi,

I have some old certificates where the private key is fine but the cert
has expired.
My environment is only a test env by the way so there are no security
issues here. I just want an easy way to refresh the certs whenever they
expire.

Is there some way with openssl that I can just refresh the validity period
& signature and keep everything else (especially the extensions) just as
they were? The issuer name is still the same.

I know I can re-generate a new certificate but I'm not sure about all the
extensions since they came from my config file and it has changed since
some of the certs were made. Regeneration of the cert may mess up the
extensions unless I double check each one. I have several cert types, e.g.
OCSP, SSL client & server etc that all need the validity date updated.

Converting the cert to a cert request wont preserve the extensions will
it?

Regards,

Simon McMahon

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org