You need to generate a new certificate with the same data (except a different serial number and a reference to sha1WithRSAEncryption), containing the same public key, and signed with the same private key.
I'd recommend sha256WithRSAEncryption, but that's possibly not an option for you. Make sure that you do not reuse the same serial number, it *will* cause problems (particularly for such software as Firefox, but also for anything that's written in an X.509-pedantic mode). -Kyle H On Tue, Apr 15, 2014 at 1:41 AM, <steff...@gmx.de> wrote: > Hello world, > > I am running my own little CA and the root certificate was created using md5: > > Signature Algorithm: md5WithRSAEncryption > > I need to change this do sha1 because I have clients that do not accept md5 > anymore. Is there any way to convert the existing cert from md5 to sha1 ? I > tried converting it to another format and then reimporting it using -sha1 but > this doesn't work. > > Thanks, > Stephan > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
