[openssl-users] question about resigning a certificate

Alex Samad - Yieldbroker Alex.Samad at yieldbroker.com
Mon Mar 16 01:46:48 UTC 2015


I had a sha1 signed CA and I issued other identity and CA certificates from this CA.

With the deprecation of sha1 coming, I re-signed my original CA (self signed) as sha512, with the same creation and expiry dates. I believe the only thing changed was the signature and serial number.

But when I go to verify older certs that were signed by the original CA (the sha1 signed one), they are no longer valid.

I thought if I used the same private and public key I should be okay. I thought the only relevant issue was the issuer field and that the CA keys were the same. Was I wrong?


