Massimiliano Pala wrote: > However keep in mind that certificate renewal (issuing a new certificate to > the same subject using the same key) should be discouraged as its lifetime > (key's one) should be considered ended with the expiration of the certificate > (or you could have issued the certificate with a longer validity period, > don't you think ?), at least to me.
Depends on the key usage, but I generally agree. There are legitimate reasons for resigning, usually because of a DN change (move from one OU to another in the same O, for example), but the lifetime of the key should probably not be extended beyond the key in the original cert. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]