<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><tt>On 16/03/2015 02:46, Alex Samad -
Yieldbroker wrote:</tt><tt><br>
</tt></div>
<blockquote
cite="mid:A3FB5D9FD28C50429DF7692DC31054E655391335@DC1INTADCW8201.yieldbroker.com"
type="cite">
<pre wrap="">Hi
I had a sha1 signed CA and I issued other identity and CA certificates from this CA.
With the deprecation of sha1 coming, I re-signed my original CA (self signed) as sha512, with the same creation and expiry dates. I believe the only thing changed was the signature and serial number.
But when I go to verify older certs that were signed by the original CA (the sha1 signed one), they are no longer valid.
I thought if I used the same private and public key I should be okay. I thought the only relevant issue was the issuer field and that the CA keys were the same. Was I wrong?
Alex
</pre>
</blockquote>
<tt>Run openssl x509 -noout -text -in OneOfYourIssuedCerts.pem</tt><tt>
| more<br>
</tt><tt><br>
</tt><tt>Look at what aspects of your CA are mentioned. For
example,<br>
does it include the "X509v3 Authority Key Identifier"<br>
extension, and if so, which fields from the CA cert are<br>
included?</tt><tt><br>
</tt><tt><br>
<br>
</tt>
<pre class="moz-signature" cols="72">Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. <a class="moz-txt-link-freetext" href="http://www.wisemo.com">http://www.wisemo.com</a>
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded </pre>
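<tt>Added example, not part of the original message and not OpenSSL's own code: a Python sketch that reads the text dump suggested above, lists which Authority Key Identifier fields an issued certificate carries, and reports those that a re-signed CA certificate no longer matches. The certificate excerpts, all names, and the OpenSSL 1.x text layout are constructed assumptions.</tt><br>

```python
import re

# Constructed excerpts of `openssl x509 -noout -text` output (1.x layout assumed).
LEAF = """\
        Issuer: C=AU, O=Example, CN=Example Root CA
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:5A:11:C0:DE:00:01
                DirName:/C=AU/O=Example/CN=Example Root CA
                serial:01
            X509v3 Basic Constraints:
                CA:FALSE
"""
OLD_CA = """\
        Serial Number: 1 (0x1)
            X509v3 Subject Key Identifier:
                5A:11:C0:DE:00:01
"""
NEW_CA = """\
        Serial Number:
            9f:3c:20:15:03:16:00:02
            X509v3 Subject Key Identifier:
                5A:11:C0:DE:00:01
"""

def _hex(value):
    """Turn 'AB:CD', '01' or '1' into an int so formatting differences vanish."""
    return int(value.replace(":", ""), 16)

def parse_aki(text):
    """Return the AKI sub-fields (keyid, DirName, serial) present in a cert dump."""
    lines = [line.strip() for line in text.splitlines()]
    hits = [i for i, l in enumerate(lines) if l.startswith("X509v3 Authority Key Identifier")]
    aki = {}
    for line in lines[hits[0] + 1:] if hits else []:
        key, sep, val = line.partition(":")
        if not sep or key not in ("keyid", "DirName", "serial"):
            break  # reached the next extension
        aki[key] = val.strip()
    return aki

def parse_ca(text):
    """Extract the CA certificate's own serial number and Subject Key Identifier."""
    serial = re.search(r"Serial Number:\s*(?:\d+ \(0x([0-9a-fA-F]+)\)|([0-9a-fA-F:]+))", text)
    ski = re.search(r"X509v3 Subject Key Identifier:\s*([0-9A-Fa-f:]+)", text)
    return {"serial": serial.group(1) or serial.group(2), "ski": ski.group(1) if ski else None}

def aki_mismatches(leaf_text, ca_text):
    """List the AKI fields of the leaf that the given CA certificate fails to match."""
    aki, ca = parse_aki(leaf_text), parse_ca(ca_text)
    bad = []
    if "keyid" in aki and ca["ski"] and _hex(aki["keyid"]) != _hex(ca["ski"]):
        bad.append("keyid")
    if "serial" in aki and _hex(aki["serial"]) != _hex(ca["serial"]):
        bad.append("serial")  # AKI pins the issuer certificate's serial number
    return bad
```

<tt>DirName is parsed but not compared here, because the AKI and Subject lines print the name in different formats.</tt><br>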
</body>
</html>