Re: [Pki-devel] crmf Vs kegGen

The "Renewal: Renew certificate to be manually approved by agents" on the EE Enrollment/Renewal profile list (last one on the list, by default) is supposed to allow you to renew expired certs. Did you try that? Christina On 04/21/2014 10:07 AM, Dhiva wrote: We have a Safenet token (known as eToken) with the private key and certificate installed. I need to renew the expired certificates without generating a new private key( thats what we call as renewal). The problems is that certificate on these Tokens were expired, so i cannot really use the 'renewal process'. Is there a way i can use the 'expired' certificate for renewal. I was not able to generate new CSR from the private key on the Token. I tried 'openssl req' with PKCS11 engine option and not been successful. I do have access to the old CSR in two forms: - one set of requests were in crmf format.I was able to issue new certificate for these requests. - one set of requests were in keygen< https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen> format: This i am not sure how can i make dogtag pki certificate profile to accept it. Appreciate your help. _______________________________________________ Pki-devel mailing listPki-devel@redhat.comhttps://www.redhat.com/mailman/listinfo/pki-devel _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel