Hi,

I just saw the "RE: Changing the expiry date of a cert" thread but I think
my question is a little different.

My certs are not CA certs they are user certs where the only thing I
really need to preserve are subject, issuer, key & cert extensions. The
serial # doesn't matter.

The thing I would like to use is "openssl x509" and specify the old cert
and get a new cert from it with all the extensions preserved.

Thanks,

Simon McMahon




Simon McMahon/Australia/Contr/IBM@IBMAU
Sent by: owner-openssl-users@openssl.org
24/10/2007 03:27 PM
Please respond to
openssl-users@openssl.org


To
openssl-users@openssl.org
cc

Subject
refresh validity dates on a certificate






Hi,

I have some old certificates where the private key is fine but the cert
has expired.
My environment is only a test env by the way so there are no security
issues here. I just want an easy way to refresh the certs whenever they
expire.

Is there some way with openssl that I can just refresh the validity period

& signature and keep everything else (especially the extensions) just as
they were? The issuer name is still the same.

I know I can re-generate a new certificate but I'm not sure about all the
extensions since they came from my config file and it has changed since
some of the certs were made. Regeneration of the cert may mess up the
extensions unless I double check each one. I have several cert types, e.g.

OCSP, SSL client & server etc that all need the validity date updated.

Converting the cert to a cert request wont preserve the extensions will
it?

Regards,

Simon McMahon

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org