[Pki-devel] crmf Vs kegGen
Dhiva
dhiva at es.net
Mon Apr 21 18:32:01 UTC 2014
I haven't. Let me try that. Thats 1 way to start.
thanks
dhiva
On Mon, Apr 21, 2014 at 11:30 AM, Christina Fu <cfu at redhat.com> wrote:
> The "Renewal: Renew certificate to be manually approved by agents" on the
> EE Enrollment/Renewal profile list (last one on the list, by default) is
> supposed to allow you to renew expired certs. Did you try that?
>
> Christina
>
> On 04/21/2014 10:07 AM, Dhiva wrote:
>
> We have a Safenet token (known as eToken) with the private key and
> certificate installed.
> I need to renew the expired certificates without generating a new private
> key( thats what we call as renewal). The problems is that certificate on
> these Tokens were expired, so i cannot really use the 'renewal process'. Is
> there a way i can use the 'expired' certificate for renewal.
>
> I was not able to generate new CSR from the private key on the Token. I
> tried 'openssl req' with PKCS11 engine option and not been successful.
>
> I do have access to the old CSR in two forms:
> - one set of requests were in crmf format.I was able to issue new
> certificate for these requests.
> - one set of requests were in keygen<
> https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen> format:
> This i am not sure how can i make dogtag pki certificate profile to accept
> it.
>
> Appreciate your help.
>
>
>
>
> _______________________________________________
> Pki-devel mailing listPki-devel at redhat.comhttps://www.redhat.com/mailman/listinfo/pki-devel
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140421/85782001/attachment.htm>
More information about the Pki-devel
mailing list