On 2011/10/30 23:26 PDT, mallapadi niranjan wrote: > Hi all > > I would like to know how to renew a self singed CA (RootCA) certificate > through certutil.
[snip] > In the case of SubCA's it seems to be fairly easy to renew the Certificates > by using the same Private key in the nss database by specifying the > following option > > $certutil -d . -R -k "NSS Certificate DB:subCA" -s "cn=SubCA > Authority,o=Example.COM" -a -o example.req2.txt Does that not also work for your root CA? It should. > But not sure how to proceed with RootCA getting expired. What's unclear? Use the -R option as you've described above to make a new request for the root certificate. Then use -C to issue the new certificate from that request, using the old root as the issuer. Since the old root and new have the same public key, the new cert will be self-signed. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
