* martin f krafft (madduck@debian.org) [021125 11:29]: > when i create certificates, they are usually not valid beyond > 6 months. so after 6 months, i would like to renew them. i know i can > reuse the key and original signing request, but when i sign them with > my CA, they get new fingerprints. i am thinking that this is he > desired result, but wondering whether i can extend the expiration on > a certificate without changing the fingerprint? A certificate is a signed public key. The expiration date is associated with the signature; the public key remains the same. Since the data being signed changes, the signature (and hence its fingerprint) must change. good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/
Attachment:
pgp5daOiqO2KQ.pgp
Description: PGP signature