April 26, 2006

No trouble certificate renewal

If you need to renew an X.509 certificate ( Used for SSL encryption/ https) and you don't want to dig into which cn, ou, or other information that was entered in the last certificate request, you can use the following openssl command. The command will read the private key (private.key) and existing certificate (oldcert.pem) and generate a new certificate request (newcsr.csr) with the same information as the old certificate contained.

$ openssl x509 -x509toreq -signkey private.key -out newcsr.csr -in oldcert.pem

Posted by simon at April 26, 2006 2:36 PM
Post a comment