Hi there, On Wed, 17 Oct 2007, David Schwartz wrote:
> The OP wrote: > > > I have a private CA certificate created using openssl command line. > > The issue is that the certificate expires on 19th Oct, 2007. > > The question is that "Is it possible to extend the expiry of this > > certificate without changing any other fields in the certificate?" > > Basically, I want to continue using this CA Cert to sign end-user > > certs for a longer time. > > Any help will be appreciated. Thanks. > > This question comes up a lot and I still have no idea what anyone is asking. It seems fairly clear to me. > It seems like it's largely a philosophical question, like am I the same > person I was ten years ago even though only 1% of the molecules are the > same. I don't think the OP asked anything like that. > Some might consider the resulting certificate to be the original certificate > with a later expiry date. Some might consider it to be a brand new > certificate that just happens to share some common values with the previous > certificate. I don't think the OP asked whether it would still be the old certificate or if it would be a new certificate. He just asked if he can change the date, and only the date, on his existing certificate. > What possible difference does it make whether you consider the resulting > certificate a "new certificate" or "the original certificate with a later > expiration date"? I don't think, in this thread, that anyone else considered that difference. > Or are you asking something else entirely? And if so, what? It seems to me that the OP is indeed asking something else entirely different from the question which you yourself seem to have posed and then immediately failed to answer. He's asking "Is it possible to extend the expiry of this certificate without changing any other fields in the certificate?" to which it seems that the answer is "Yes", although one might add that the resulting certificate could be viewed by some as a different certificate. In that case, the next question would be "Is it valid?", to which the answer would also presumably be "Yes". Have I understood? -- 73, Ged. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
