[Pki-devel] crmf Vs kegGen
Christina Fu
cfu at redhat.com
Mon Apr 21 18:30:27 UTC 2014
The "Renewal: Renew certificate to be manually approved by agents" on
the EE Enrollment/Renewal profile list (last one on the list, by
default) is supposed to allow you to renew expired certs. Did you try that?
Christina
On 04/21/2014 10:07 AM, Dhiva wrote:
> We have a Safenet token (known as eToken) with the private key and
> certificate installed.
> I need to renew the expired certificates without generating a new
> private key( thats what we call as renewal). The problems is that
> certificate on these Tokens were expired, so i cannot really use the
> 'renewal process'. Is there a way i can use the 'expired' certificate
> for renewal.
>
> I was not able to generate new CSR from the private key on the Token.
> I tried 'openssl req' with PKCS11 engine option and not been successful.
>
> I do have access to the old CSR in two forms:
> - one set of requests were in crmf format.I was able to issue new
> certificate for these requests.
> - one set of requests were in
> keygen<https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen>
> format: This i am not sure how can i make dogtag pki certificate
> profile to accept it.
>
> Appreciate your help.
>
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140421/c328cd51/attachment.htm>
More information about the Pki-devel
mailing list