Daniel Kahn Gillmor <[email protected]> writes:

> On 02/19/2009 04:42 PM, Simon Josefsson wrote:
>> Daniel Kahn Gillmor <[email protected]> writes:
>>
>>> (is it even possible to transform a self-signed V1 cert into a
>>> self-signed V3 cert?)
>>
>> Not without re-signing it, which requires that certificates under the V1
>> cert won't chain back to the V3 cert.  That's by design.
>
> Thanks for the response!  Can you point me to a reference, Simon?  I'd
> like to understand the details better, but don't know where to begin.

Check RFC 5280: the TBSCertificate structure contains the version, and
the structure is signed, so to change a V1 cert to a V3 cert you'd have to
re-sign it.  That's possible of course, but you'll need the private key.
And in that case, you might as well generate a new V3 certificate
rather than converting information from an old one.

I'm not sure what I meant above though: if the public key is the same,
certs signed by the V1 cert may correctly chain back to the V3 cert.

/Simon
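
The point about RFC 5280 in the reply above, as an added example that is not part of the original message: a small DER walker that returns the signed TBSCertificate bytes and the version they carry. The `skeleton()` input is constructed and is not a valid certificate (only version and serial, placeholder signature); all function names are this example's own.

```python
import hashlib

def tlv(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):
    """Return (tag, body_start, body_end) of the TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        k = first & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def signed_part(cert):
    """Return (tbs_bytes, version) for a DER Certificate; version is 1..3."""
    tag, body, _ = read_tlv(cert, 0)            # Certificate SEQUENCE
    ttag, tbody, tend = read_tlv(cert, body)    # TBSCertificate SEQUENCE
    if tag != 0x30 or ttag != 0x30:
        raise ValueError("not a Certificate")
    vtag, vbody, _ = read_tlv(cert, tbody)      # first TBS field
    version = 1                                 # DEFAULT v1: DER omits the field
    if vtag == 0xA0:                            # [0] EXPLICIT Version present
        _, ibody, iend = read_tlv(cert, vbody)
        version = int.from_bytes(cert[ibody:iend], "big") + 1
    return cert[body:tend], version

def skeleton(version):
    """Constructed stand-in, not a valid certificate: TBS holds only version and serial."""
    ver = b"" if version == 1 else tlv(0xA0, tlv(0x02, bytes([version - 1])))
    tbs = tlv(0x30, ver + tlv(0x02, b"\x01"))
    sig_alg = tlv(0x30, b"")                    # placeholder AlgorithmIdentifier
    sig = tlv(0x03, b"\x00" + b"\xAA" * 4)      # placeholder signatureValue
    return tlv(0x30, tbs + sig_alg + sig)

if __name__ == "__main__":
    for v in (1, 3):
        tbs, ver = signed_part(skeleton(v))
        print(f"V{ver}: signed bytes {tbs.hex()} sha256 {hashlib.sha256(tbs).hexdigest()[:16]}")
```

The V1 and V3 forms differ inside the bytes the signature is computed over, so the V1 signatureValue cannot verify against the V3 TBSCertificate.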

