On 16/03/2015 02:46, Alex Samad - Yieldbroker wrote:
> Hi
> I had a sha1 signed CA and I issued other identity and CA certificates from
> this CA.
> With the deprecation of sha1 coming, I re-signed my original CA (self signed) as
> sha512, with the same creation and expiry dates. I believe the only thing
> changed was the signature and serial number.
> But when I go to verify older certs that were signed by the original CA (the
> sha1 signed one), they are no longer valid.
> I thought if I used the same private and public key I should be okay. I thought
> the only relevant issue was the issuer field and that the CA keys were the
> same. Was I wrong?
> Alex

Run openssl x509 -noout -text -in OneOfYourIssuedCerts.pem | more
Look at what aspects of your CA are mentioned. For example,
does it include the "X509v3 Authority Key Identifier"
extension, and if so, which fields from the CA cert are
included?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
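
Added example (not part of the original thread, and not OpenSSL's own code): a small Python check over the text that `openssl x509 -noout -text` prints, comparing the Authority Key Identifier of an issued certificate with the CA certificate's Subject Key Identifier and serial number. The excerpts, the key identifier values and the names `parse_aki` and `check_aki` are constructed for illustration; the `DirName` field is parsed but not compared.

```python
import re
from itertools import takewhile

def _block(text, header):
    """Lines indented beneath `header` in `openssl x509 -text` output."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if header in line:
            indent = lambda s: len(s) - len(s.lstrip())
            deeper = lambda s: s.strip() and indent(s) > indent(line)
            return [s.strip() for s in takewhile(deeper, lines[i + 1:])]
    return []

_num = lambda h: int(h.replace(":", ""), 16)  # "5A:11" or "01" -> int

def parse_aki(text):
    """Split the Authority Key Identifier into keyid / DirName / serial."""
    aki = {}
    for item in _block(text, "X509v3 Authority Key Identifier"):
        key, _, val = item.partition(":")
        if key not in ("keyid", "DirName", "serial"):
            key, val = "keyid", item  # newer OpenSSL omits the "keyid:" label
        aki[key] = val
    return aki

def check_aki(issued_text, ca_text):
    """List AKI components of the issued cert that the CA cert does not match."""
    aki, bad = parse_aki(issued_text), []
    ski = _block(ca_text, "X509v3 Subject Key Identifier")
    m = re.search(r"Serial Number:\s*(?:\d+ \(0x([0-9a-f]+)\)|([0-9a-f:]+))", ca_text, re.I)
    if "keyid" in aki and ski and _num(aki["keyid"]) != _num(ski[0]):
        bad.append("keyid")
    if "serial" in aki and m and _num(aki["serial"]) != _num(m.group(1) or m.group(2)):
        bad.append("serial")
    return bad

# Constructed excerpts of `openssl x509 -noout -text` output (not real certificates).
ISSUED = """\
            X509v3 Authority Key Identifier:
                keyid:5A:11:C0:DE
                DirName:/CN=Constructed Test CA
                serial:01
"""
CA_TEXT = """\
        Serial Number: {n} (0x{n:x})
            X509v3 Subject Key Identifier:
                5A:11:C0:DE
"""
OLD_CA, NEW_CA = CA_TEXT.format(n=1), CA_TEXT.format(n=2)  # same key, new serial
```

A result of `['serial']` from `check_aki(ISSUED, NEW_CA)` means the issued certificate records the old CA serial in its AKI, so OpenSSL will not treat a CA certificate re-signed under a new serial as its issuer even though the key is unchanged.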