💾 Archived View for gemini.bunburya.eu › newsgroups › gemini › messages › slrnt9co55.h35.mbays@ma.sd… captured on 2022-06-04 at 01:40:27. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
From: mbays@sdf.org
Subject: Re: Certificate renewal under TOFU?
Date: Tue, 31 May 2022 18:38:29 GMT
Message-ID: <slrnt9co55.h35.mbays@ma.sdf.org>
On 2022-05-30, danrl <d@x.gl> wrote:
What's the guidance on certificate renewal under TOFU?
If you just want to extend the expiry date, I think the best thing to do
is to sign a new certificate with the *same* keypair. At least some
clients do TOFU based on the public key, rather than the certificate
itself, and probably all should. You can do this using appropriate
openssl commands -- if you can't find the right commands, I can find
them for you.
Parent:
Certificate renewal under TOFU? (by danrl <d@x.gl> on Mon, 30 May 2022 03:31:15 -0000 (UTC))
Children:
Re: Certificate renewal under TOFU? (by reidrac@sdf-eu.org on Thu, 2 Jun 2022 06:16:12 +0000)