On Tue, Jan 29, 2008 at 03:12:44PM -0500, Victor Duchovni wrote:
> On Mon, Jan 28, 2008 at 05:02:05PM +0100, Guy Deleeuw wrote:
>
> > Hello all,
> >
> > I'm new on the list.
> > I create a CA in 2003 and she have expired yesterday.
> >
> > It is possible to renew the CA without re create all clients certificates ?
> >
>
> With great care, yes. You must use the same private key, the same DN, serial
> number and the same key-id if applicable.
Of course the systems verifying the client certs will need to have the
new root CA cert in hand... So you still need to deliver the updated
root cert to all the right places.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
