Hi all
I would like to know how to renew a self singed CA (RootCA) certificate
through certutil.
I followed the below procedure to create a self signed CA cert.
$certutil -N -d .
$certutil -S -d . -n "testCA" -s "CN=testCA,O=Example.COM,C=US" -t "CT,,"
-x -2 -m 0000 -v 1 -t "CT,,"
<snip>
$certutil -L -d . -n testCA
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=testCA,O=Example.COM,C=US"
Validity:
Not Before: Mon Oct 31 06:21:37 2011
Not After : Thu Dec 01 06:21:37 2011
Subject: "CN=testCA,O=Example.COM,C=US"
</snip>
As you can see above the CA cert expires on Dec 01 2011, I would like to
know how to renew the above certificate
In the case of SubCA's it seems to be fairly easy to renew the Certificates
by using the same Private key in the nss database by specifying the
following option
$certutil -d . -R -k "NSS Certificate DB:subCA" -s "cn=SubCA
Authority,o=Example.COM" -a -o example.req2.txt
But not sure how to proceed with RootCA getting expired.
Any pointers on this would be helpful.
Thanks
Niranjan
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
