<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
The "Renewal: Renew certificate to be manually approved by agents"
on the EE Enrollment/Renewal profile list (last one on the list, by
default) is supposed to allow you to renew expired certs. Did you
try that?<br>
<br>
Christina<br>
<br>
<div class="moz-cite-prefix">On 04/21/2014 10:07 AM, Dhiva wrote:<br>
</div>
<blockquote
cite="mid:CACEO+=R309ovQTBE2S9Wtw1tkSEBP0Qpdq2XE06cFmS6EuS2cg@mail.gmail.com"
type="cite">
<div dir="ltr">We have a Safenet token (known as eToken) with the
private key and certificate installed.
<div>I need to renew the expired certificates without generating
a new private key( thats what we call as renewal). The
problems is that certificate on these Tokens were expired, so
i cannot really use the 'renewal process'. Is there a way i
can use the 'expired' certificate for renewal.</div>
<div><br>
</div>
<div>I was not able to generate new CSR from the private key on
the Token. I tried 'openssl req' with PKCS11 engine option and
not been successful.</div>
<div><br>
</div>
<div>I do have access to the old CSR in two forms: <br>
</div>
<div>- one set of requests were in crmf format.I was able to
issue new certificate for these requests.<br>
</div>
<div>- one set of requests were in keygen<<a
moz-do-not-send="true"
href="https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen">https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen</a>>
format: This i am not sure how can i make dogtag pki
certificate profile to accept it.<br>
</div>
<div><br>
</div>
<div>Appreciate your help.</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Pki-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre>
</blockquote>
<br>
</body>
</html>