Hello list,
let me say first that I'm not too deep into the secrets of openssl, I just like
it as being a stable, great-working software for all concerns of dealing with
encryption and especially X.509 certificates for my VPN connections,
webservers, and so on.
I got one big problem for now: My self-signed CA cert will expire in about one
month. I installed it 4 years ago and never minded about it, but now I have to
renew it.
The creation of a whole new CA and client certificates isn't possible for me
because of the large number of clients using my certs (VPN Roadwarriors,
Webservers, Mailservers, and so on).
Since I didn't find very much useful information on the net concerning the
renewal of certificates (might be I did the wrong searches?), I want to ask you
some points:
- First of all, is there any HowTo that deals not only with creation, but also
with the renewal of self-signed CA certs in detail?
More detailed, and for addressing my actual problem right now, I'd need to know
- Is it possible to renew a CA cert in such a way that those user certs which I
signed with the old CA cert shortly (means less than one year) ago, still
remain valid?
- if yes, how would I manage this using the good old openssl commands ?
- I assume I have to replace the old with the new CA cert on every client
machine where it is installed, as long as I don't set up a web based (e.g.
url-fetching) mechanism - correct?
Your help is GREATLY appreciated - and thanks a lot in advance.
Andreas Grimmel
System Administrator
- down to his knees - ;-)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
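
The renewal asked about above, as an added example that is not part of the original post: a certificate chains to a CA certificate by issuer name and by the CA key's signature, so re-issuing the self-signed CA certificate over the same private key and the same subject keeps previously signed certificates verifiable. It assumes the CA private key is still available; all file names and subject names are constructed placeholders, and the re-keyed CA is included only as a counter-case.

```shell
#!/bin/sh
# Added example. Throwaway keys and certificates are created in a temp
# directory; the subject names below are constructed placeholders.
CA_SUBJ="/O=Example Org/CN=Example Root CA"

# Returns 0 only if a client cert issued under the old CA cert verifies
# against the renewed CA cert and fails against a re-keyed CA cert.
renew_ca_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" &&
        # 1. Original self-signed CA certificate, close to expiry.
        openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key \
            -out ca-old.pem -days 30 -subj "$CA_SUBJ" &&
        # 2. A client certificate issued under the old CA certificate.
        openssl req -new -newkey rsa:2048 -nodes -keyout client.key \
            -out client.csr -subj "/O=Example Org/CN=roadwarrior-1" &&
        openssl x509 -req -in client.csr -CA ca-old.pem -CAkey ca.key \
            -CAcreateserial -out client.pem -days 20 &&
        # 3. Renewal: a new self-signed certificate over the SAME key and
        #    the SAME subject, with a new validity period.
        openssl req -x509 -new -key ca.key -out ca-new.pem \
            -days 3650 -subj "$CA_SUBJ" &&
        # 4. Counter-case: same subject, but a NEW key pair.
        openssl req -x509 -newkey rsa:2048 -nodes -keyout ca2.key \
            -out ca-rekeyed.pem -days 3650 -subj "$CA_SUBJ" &&
        # The old client cert must chain to the renewed CA cert ...
        openssl verify -CAfile ca-new.pem client.pem &&
        # ... and must NOT chain to the re-keyed one (signature mismatch).
        ! openssl verify -CAfile ca-rekeyed.pem client.pem
    ) >/dev/null 2>&1
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Clients that hold the old CA certificate as their trust anchor still need `ca-new.pem` installed in its place before the old one expires. If the existing certificates carry an authorityKeyIdentifier that includes issuer and serial, the renewed CA certificate also has to keep the old serial number for them to match.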