Renewing a self-signed certificate
About this task
If a self-signed certificate is about to expire, it is possible to renew it. You do not have to create a new certificate.
Procedure
-
List the certificates in the keystore and use the label "cert1" of the personal certificate to
get detailed information on this certificate. The value of "Not After:" shows the certificate's
expiration date.
gsk8capicmd_64 -cert -list -db ssign.p12 -stashed Certificates found default, - personal, ! trusted, # secret key - cert1 gsk8capicmd_64 -cert -details -db ssign.p12 -stashed -label cert1 Label : cert1 Key Size : 2048 Version : X509 V3 Serial : 450dfa054a483e88 Issuer : CN=domain,O=you,C=US Subject : CN=domain,O=you,C=US Not Before : September 28, 2022 5:00:27 PM CDT Not After : September 30, 2022 5:00:27 PM CDT -
Renew the certificate for a period of one year:
gsk8capicmd_64 -certreq -recreate -db ssign.p12 -stashed -label cert1 -target ssign.csr gsk8capicmd_64 -cert -sign -db ssign.p12 -stashed -label cert1 -file ssign.csr -target ssign.pem -expire 360 gsk8capicmd_64 -cert -receive -db ssign.p12 -stashed -file ssign.pem gsk8capicmd_64 -cert -details -db ssign.p12 -stashed -label cert1 Label : cert1 Key Size : 2048 Version : X509 V3 Serial : 6c240165e3561ddb Issuer : CN=domain,O=you,C=US Subject : CN=domain,O=you,C=US Not Before : September 28, 2022 5:09:12 PM CDT Not After : September 24, 2023 5:09:12 PM CDT