<div dir="ltr">I haven't. Let me try that. Thats 1 way to start.<div><br></div><div>thanks</div><div>dhiva</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Apr 21, 2014 at 11:30 AM, Christina Fu <span dir="ltr"><<a href="mailto:cfu@redhat.com" target="_blank">cfu@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
The "Renewal: Renew certificate to be manually approved by agents"
on the EE Enrollment/Renewal profile list (last one on the list, by
default) is supposed to allow you to renew expired certs. Did you
try that?<br>
<br>
Christina<br>
<br>
<div>On 04/21/2014 10:07 AM, Dhiva wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">We have a Safenet token (known as eToken) with the
private key and certificate installed.
<div>I need to renew the expired certificates without generating
a new private key( thats what we call as renewal). The
problems is that certificate on these Tokens were expired, so
i cannot really use the 'renewal process'. Is there a way i
can use the 'expired' certificate for renewal.</div>
<div><br>
</div>
<div>I was not able to generate new CSR from the private key on
the Token. I tried 'openssl req' with PKCS11 engine option and
not been successful.</div>
<div><br>
</div>
<div>I do have access to the old CSR in two forms: <br>
</div>
<div>- one set of requests were in crmf format.I was able to
issue new certificate for these requests.<br>
</div>
<div>- one set of requests were in keygen<<a href="https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen</a>>
format: This i am not sure how can i make dogtag pki
certificate profile to accept it.<br>
</div>
<div><br>
</div>
<div>Appreciate your help.</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Pki-devel mailing list
<a href="mailto:Pki-devel@redhat.com" target="_blank">Pki-devel@redhat.com</a>
<a href="https://www.redhat.com/mailman/listinfo/pki-devel" target="_blank">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
Pki-devel mailing list<br>
<a href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/pki-devel" target="_blank">https://www.redhat.com/mailman/listinfo/pki-devel</a><br></blockquote></div><br></div>