Proper way to "update" an expired CA certificate

[Leroy Tennison]

and continue to use unexpired certificate/key pairs signed by the expired CA certificate.  I did some research and found "openssl x509 -in ca.crt -days 3650 -out new-ca.crt -signkey ca.key" which seems to work but want to make sure there aren't any less-than-obvious issues i missed and that there isn't a better way to address the issue.  Thanks for your help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20221027/9fb78e36/attachment.htm>