Renew self-signed certificates #448

Open
SnejPro opened this issue Oct 12, 2023 · 3 comments

SnejPro commented Oct 12, 2023

Is your feature request related to a problem? Please describe.
When a CA cert expires, it's not possible to create a new certificate from its private key so old certificates continue to work with the new root certificate.

Describe the solution you'd like
The possibility to create new certificates from existing keys.

Describe alternatives you've considered
Create a completely new CA with a new public key

@SnejPro changed the title from "Renew self-signed certificates with old key" to "Create self-signed certificates with old key" Oct 12, 2023
@kaikramer kaikramer added this to the v5.6.0 milestone Oct 12, 2023
@kaikramer
Owner

I liked the previous title of this better, "renew" describes better what you want. I'll change it back.

@kaikramer changed the title from "Create self-signed certificates with old key" to "Renew self-signed certificates" Oct 12, 2023
@kaikramer
Owner

This should be pretty easy to implement. If anyone wants to do this, just leave a comment here and I can provide some guidance.

@jgrateron
Contributor

Hi, I found a way to renew a certificate without creating a new option.

image

  1. Create a CSR
  2. Sign the CSR, transfer the extensions, preferably with the same serial and without modifying the subject.

image

  1. Import CA Reply.
  2. Remove CA certificate from the chain in the final certificates and add the new CA.

Before
image

After
image
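The property this issue depends on, as an added example that is not part of the thread and not KeyStore Explorer code: a root re-issued from the same private key with the same subject still validates certificates signed under the old root, while a re-keyed CA does not. It uses the OpenSSL command line instead of the GUI steps above; all file names and subject names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo PKI: every file name and subject below is made up.
set -eu

new_key() { openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null; }

# new_root <key> <out.crt> <days>: self-sign a root certificate for an existing key.
new_root() { openssl req -x509 -new -key "$1" -config ca.cnf -days "$3" -out "$2"; }

build_pki() {  # call from inside an empty working directory
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  new_key ca.key
  new_root ca.key ca_old.crt 30
  # Leaf certificate issued under the old root.
  new_key leaf.key
  openssl req -new -key leaf.key -config ca.cnf -subj "/CN=leaf.demo.invalid" -out leaf.csr
  openssl x509 -req -in leaf.csr -CA ca_old.crt -CAkey ca.key -set_serial 2 \
    -days 30 -out leaf.crt 2>/dev/null
  # Renewal: same key and subject, new validity period.
  new_root ca.key ca_renewed.crt 3650
  # Control: a brand-new CA with the same subject but a different key.
  new_key ca2.key
  new_root ca2.key ca_rekeyed.crt 3650
}

# Succeeds only if leaf.crt chains to the given root.
trusts_leaf() { openssl verify -CAfile "$1" leaf.crt >/dev/null 2>&1; }

# SHA-256 over the PEM public key, enough to compare two certificates' keys.
pubkey_id() { openssl x509 -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'; }

run_demo() (  # subshell body, so the cd does not leak to the caller
  cd "$(mktemp -d)" && build_pki
  for ca in ca_old.crt ca_renewed.crt ca_rekeyed.crt; do
    if trusts_leaf "$ca"; then r=OK; else r=FAIL; fi
    echo "$ca key=$(pubkey_id "$ca" | cut -c1-16) leaf=$r"
  done
)
run_demo
```

Relying parties still have to install the renewed root in their trust stores; the leaf certificates themselves do not need to be re-issued.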

tenpertur added a commit to tenpertur/keystore-explorer that referenced this issue Oct 13, 2024
kaikramer pushed a commit that referenced this issue Oct 13, 2024
* Adapt pubkey export dialog window for JWK (#438)

Dialog window for public key export now allows selecting the public key format from:
- OpenSSL, PEM encoded (default)
- OpenSSL, binary
- JWK

* export ECC public key as JWK (#438)

Export ECC public key as JWK. The exported
key uses the key alias as key identifier when present,
or generates a SHA-256 identifier otherwise.
Supported curve types:
- prime256v1 (secp256r1)
- secp256k1
- secp384r1
- secp521r1
- Ed25519
- Ed448

* update messages related to public key export JWK (#438)

Remove 'OpenSSL' from messages and resource identifiers
related to public key export. Application now informs
that public key action has been completed, without specifying
public key format.

* export RSA public keys as JWK (#438)

Export RSA public key as JWK.

* test JWK public key exporter (#438)

* disable export as JWK if key is not supported (#438)

* resolve issues with messages (#438)

- add missing 'erfolgreich' in German successful messages
- remove OpenSSL from French window title and messages

* handle EdDSA public keys (#448)

* remove unused dependency (#438)

* use raw public key without ASN.1 SPKI structure (#438)