[TriLUG] expiring cert annoyance

Joseph S. Tate dragonstrider at gmail.com
Sat Sep 15 16:18:25 EDT 2012


On Sat, Sep 15, 2012 at 7:16 AM, Christian Stalberg
<cstalberg at web-analysts.net> wrote:
>    I have a cert signed by Geotrust good until may 2013. Now I am getting
>    this daily warning message. I have been unable to find instructions on
>    how to renew the cert using the existing CSR, i.e. not having to
>    generate a new cert. Can anyone advise? Thank you in advance.

If neither the keys nor the data have to change, you can use the
previous CSR as is.  There are no dates in a CSR.  The expiration only
applies to the public certificate.  If you don't have the old CSR, you
can get it back using openssl x509 --x509toreq +options.  To renew
just skip the instructions for a new key to the point where the CSR is
generated.

Review your key lengths though and make sure they're 2048 bits or
longer while you have this chance to refresh them.

If the keys or the data have to change, then you'll need a whole new
req object.  You can use "openssl req +options" to generate a new one
from your new or existing keys.

-- 
Joseph Tate
Personal e-mail: jtate AT dragonstrider DOT com
Web: http://www.dragonstrider.com



More information about the TriLUG mailing list