[openssl-users] question about resigning a certificate

Alex Samad - Yieldbroker Alex.Samad at yieldbroker.com
Mon Mar 16 01:46:48 UTC 2015


I had a sha1 signed CA and I issued other  identity and CA certificates from this CA.

With the deprecation of sha1 coming, I resigned my original CA (self signed) as sha512, with the same creation and expiry dates. I believe the only thing changed was the signature and serial number.

But when I go to verify older certs that were signed by the original CA (the sha1 signed one), they are no longer valid.

I thought if I used the same private and public key I should be okay. I thought the only relevant issue was the issuer field and that the CA keys where the same . Was I wrong.


More information about the openssl-users mailing list