[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: changing the expiration of a certificate



* martin f krafft (madduck@debian.org) [021125 11:29]:
> when i create certificates, they are usually not valid beyond
> 6 months. so after 6 months, i would like to renew them. i know i can
> reuse the key and original signing request, but when i sign them with
> my CA, they get new fingerprints. i am thinking that this is he
> desired result, but wondering whether i can extend the expiration on
> a certificate without changing the fingerprint?

A certificate is a signed public key.  The expiration date is associated
with the signature; the public key remains the same.  Since the data
being signed changes, the signature (and hence its fingerprint) must
change.

good times,
Vineet

-- 
http://www.doorstop.net/
-- 
http://www.anti-dmca.org/	

Attachment: pgp6R7eHE9qHA.pgp
Description: PGP signature


Reply to: