Re: [openssl-users] certificate renewal without restarting processes

2017-05-25 Thread Viktor Dukhovni
> On May 25, 2017, at 10:28 AM, Salz, Rich via openssl-users wrote:
>
>> It uses SSL_CTX_use_certificate_chain_file in some places and in other places it uses PEM_read_bio_X509
>>
>> When these APIs are used, can the OpenSSL stack detect updated files on

Re: [openssl-users] certificate renewal without restarting processes

2017-05-25 Thread Salz, Rich via openssl-users
> It uses SSL_CTX_use_certificate_chain_file in some places and in other places it uses PEM_read_bio_X509
>
> When these APIs are used, can the OpenSSL stack detect updated files on disk and reload them without any intervention from the application?

No, it's a load and use the current

[openssl-users] certificate renewal without restarting processes

2017-05-25 Thread Daniel Pocock
Hi, The reSIProcate project is using OpenSSL to load[1] certificates and private keys. It uses SSL_CTX_use_certificate_chain_file in some places and in other places it uses PEM_read_bio_X509 When these APIs are used, can the OpenSSL stack detect updated files on disk and reload them without

Re: Regarding Certificate renewal

2014-01-21 Thread Bernhard Fröhlich
to decide what you want to do. Or was your question about best practices when creating a CA policy? Hope this helps at least a bit, Ted ;) Am 21.01.2014 06:51, schrieb Kamalraj Madhurakasan: Hello guys, I would like to know whether my understanding about certificate renewal is correct

Re: Regarding Certificate renewal

2014-01-21 Thread Kamalraj Madhurakasan
Madhurakasan: Hello guys, I would like to know whether my understanding about certificate renewal is correct or not. To renew the certificate: 1. we need to generate a new CSR from the private key 2. revoke the old certificate 3. get the new CSR signed by the CA with validity extended

Re: Regarding Certificate renewal

2014-01-21 Thread Bernhard Fröhlich
certificate renewal is correct or not. To renew the certificate: 1. we need to generate a new CSR from the private key 2. revoke the old certificate 3. get the new CSR signed by the CA with validity extended The fields that are common between old

Regarding Certificate renewal

2014-01-20 Thread Kamalraj Madhurakasan
Hello guys, I would like to know whether my understanding about certificate renewal is correct or not. To renew the certificate: 1. we need to generate a new CSR from the private key 2. revoke the old certificate 3. get the new CSR signed by the CA with validity extended The fields

Certificate renewal

2009-07-30 Thread carlyoung
Hi, My apologies for a slightly off-topic question. When certificates are renewed in most scenarios, is it usual to generate a new RSA key pair or would a client re-use the existing keys and just ask for a new certificate with those keys? Thanks for any guidance or pointers... Regards, Carl

Re: Certificate renewal

2009-07-30 Thread Arsen Hayrapetyan
Hi, RFC 3647 defines certificate renewal as follows: Certificate renewal means the issuance of a new certificate to the subscriber without changing the subscriber or other participant's public key or any other information in the certificate. http://www.faqs.org/rfcs/rfc3647.html (section

Problem with OIDs during CA root certificate renewal

2005-08-23 Thread Arsen Hayrapetyan
Hello, I have a problem with OIDs during CA root certificate renewal. I am using openssl 0.9.6b. I've performed the following steps: 1) Converting existing certificate to CSR: openssl x509 -x509toreq -in old_cert.pem -signkey PrivKey.pem -out careq.csr 2) Signing the request with existing private

Re: certificate renewal with openSSL

2001-11-15 Thread Franck Martin
Nobody answered me this one... I will have to try to revoke a certificate to see if I can add it later. However, most root CA, keep old certificates as valid, because it takes some time to install a new certificate on a machine... Cheers On 14 Nov 2001 12:29:30 -0500, POLIVKA-ROHRER,

Re: Certificate Renewal

2001-02-07 Thread John Douglass
On Wed, 7 Feb 2001, John Douglass wrote: Is anyone playing around with certificate renewals? I'm trying to figure out how to accomplish this given: 1) Certificate is installed in the browser already 2) I have the certificate (SPKAC) file on the CA 3) I have the signed public key on the

Re: Certificate renewal

2001-01-31 Thread Maxime Dubois
Hi, This solution was interesting but it seems that I need the private key of the user certificate to sign the request (and unfortunately it was created and stored in the client browser). openssl x509 -x509toreq -in cert.pem -out req.pem Getting request Private Key no request key file specified

Re: Certificate renewal

2001-01-31 Thread Michael Ströder
Maxime Dubois wrote: This solution was interesting but it seems that I need the private key of the user certificate to sign the request Yes, my fault. Use the old cert request. You should store them for auditing reasons anyway. Ciao, Michael.

Re: Certificate renewal

2001-01-29 Thread Maxime Dubois
Thanks So I need to keep request files as I keep cert files... I think renewal is interesting because we don't think the validity period of certs is determined by their weakness but by an internal policy of users and CRL management. In an organisation delivering certificates to its members, we

Re: Certificate renewal

2001-01-29 Thread Michael Ströder
Maxime Dubois wrote: So I need to keep request files as I keep cert files... Maybe you can also try to generate a new request from an expired cert. openssl x509 -x509toreq I think renewal is interesting because [...] It's always a matter of your local policy. Ciao, Michael.

Re: Certificate renewal

2000-06-27 Thread Massimiliano Pala
Radovan Semancik wrote: And what about the certificate serial number. It will be changed or stays same? User will download a renewed certificate just as a "original" one? Won't Netscape complain about duplicate certificate? No, the serial number is different. Netscape will correctly

Re: Certificate renewal

2000-06-26 Thread Radovan Semancik
[EMAIL PROTECTED] wrote: Radovan Semancik wrote: Hi! Maybe this is FAQ or even OT, but anyway: How is certificate renewal done? I mean the case, that user's certificate expired and she wants a new one. User sends a new CSR? How does CA handle it? And how about serial number

Re: Certificate renewal

2000-06-25 Thread Massimiliano Pala
Radovan Semancik wrote: Hi! Maybe this is FAQ or even OT, but anyway: How is certificate renewal done? I mean the case, that user's certificate expired and she wants a new one. User sends a new CSR? How does CA handle it? And how about serial number, I don't think

Certificate renewal

2000-06-23 Thread Radovan Semancik
Hi! Maybe this is FAQ or even OT, but anyway: How is certificate renewal done? I mean the case, that user's certificate expired and she wants a new one. User sends a new CSR? How does CA handle it? And how about serial number, I don't think it will be the same for expired and renewed

certificate renewal

2000-01-07 Thread Martin Leung
Hi, Does anyone know how to renew certificate? I tried: openssl x509 -x509toreq -in cert_file -out csr_file -signkey CA_private_key but the signature of the created csr_file is incorrect. Does the 'ca' package have renew function? In addition, I can't sign certs with same dn but

certificate renewal with MSIE 5

1999-09-28 Thread Miguel Angel Fraga
I'm having difficulty to install a new certificate after a certificate renewal w/ MSIE 5. Our certification authority have been tested during some time, now we have generated new CA's key pairs. In fact MSIE doesn't "refresh" the new certificate. (Same tests with Communicator 4.61