[Openswan Users] RootCA expired, how to change??
Andreas Steffen
andreas.steffen at strongsec.net
Mon Jan 24 09:31:58 CET 2005
Just generate a new CA certificate based on the old
private CA key:
openssl req -new -x509 -key private/cakey.pem -days <desired lifetime>
-out cacert.pem
Make sure that the Distinguished Name of the new CA certificate
is identical to the old CA certificate.
Regards
Andreas
foren titze wrote:
> Hello,
>
> I need Help:
>
> my RootCA for my Tunnel is expired.
> How can I extend this RootCA?
>
> I think it is expired because I have done this:
>
> linux-vpn:/etc/ipsec.d/own# openssl verify -CAfile ../cacerts/cacert.pem
> titze_cert.pem
> titze_cert.pem: /C=DE/ST=NRW/L=duesseldorf/O=wapme/OU=rootca/CN=bTitze/Email=rootca at wap.de
> error 10 at 1 depth lookup:certificate has expired
> OK
> linux-vpn:/etc/ipsec.d/own# openssl verify -CAfile ../cacerts/cacert.pem
> brosowski_cert.pem
> brosowski_cert.pem: /C=DE/ST=NRW/L=duesseldorf/O=wapme/OU=rootca/CN=bTitze/Email=rootca at wap.de
> error 10 at 1 depth lookup:certificate has expired
> OK
> linux-vpn:/etc/ipsec.d/own# openssl verify -CAfile ../cacerts/cacert.pem
> brosowski_cert.pem
>
> Thanks
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
--
=======================================================================
Andreas Steffen e-mail: andreas.steffen at strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
More information about the Users
mailing list