Hi, my problem occur when i'm trying to extend my certificate root life validity. When i'm using renew function, it renewed my root but valid from is start from the day you renew. Is there anyway, for valid from carried old date (the first time root created) ... ?
Thanks and Regards,
I'm not aware of any such function.
Note that existing certificates will be valid also with the renewed root assuming the key hasn't been changed as well.
Means that...old root cert still valid...althougth i renew with new start date ? ..
This issue occur because, there are user enroll for certificate using old root cert. if i renew with new start date, afraid existing user cannot use their certificate as root does not active yet (acoording to their certificate enrolled).
If you make a new root you must distribute it.
BTW, is this question related to SCEP?
this concern when validate user certificate. what will happen to existing enrolled user certificate asthey enrolled using old root?. As renewed root has latest valid from date?
No, i believe it does not related to SCEP.
If the user's certificate hasn't expired, the new root (using the same key) should be able to validate equally well as the old root. Otherwise renew using the same key (and name) would entirely useless.
thank you for your explaination .. :)