Re: Certificate renewal under TOFU?

Message headers

From: mbays@sdf.org

Subject: Re: Certificate renewal under TOFU?

Date: Tue, 31 May 2022 18:38:29 GMT

Message-ID: <slrnt9co55.h35.mbays@ma.sdf.org>

Message content

On 2022-05-30, danrl <d@x.gl> wrote:

What's the guidance on certificate renewal under TOFU?

If you just want to extend the expiry date, I think the best thing to do

is to sign a new certificate with the *same* keypair. At least some

clients do TOFU based on the public key, rather than the certificate

itself, and probably all should. You can do this using appropriate

openssl commands -- if you can't find the right commands, I can find

them for you.

Related

Parent:

Certificate renewal under TOFU? (by danrl <d@x.gl> on Mon, 30 May 2022 03:31:15 -0000 (UTC))

Children:

Re: Certificate renewal under TOFU? (by reidrac@sdf-eu.org on Thu, 2 Jun 2022 06:16:12 +0000)