[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
how to update expired certificate in certificate DB by certutil and keyutil

To: terrence@xxxxxxxxxxxxxx
Subject: how to update expired certificate in certificate DB by certutil and keyutil
From: Terrence Miao <terrence@xxxxxxxxxxxxxx>
Date: Fri, 21 Jan 2005 20:59:19 +1100
User-agent: Mutt/1.4.1i
how to update expired certificate in certificate DB by certutil and keyutil 
---------------------------------------------------------------------------

certutil and keyutil come from Netscape Certificate Management 
System 4.1.

[siwc@baghdadic backup]$ /servers/netscape/cms42/bin/cert/tools/certutil -L -d . -n "People Update Script's The University of Macquarie ID"
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2915 (0xb63)
        Signature Algorithm: PKCS #1 MD5 With RSA Encryption
        Issuer: OU=Certificate Authority, O=The University of Macquarie, C=AU
        Validity:
            Not Before: Sat Jan 17 09:30:03 2004
            Not After: Sun Jan 16 09:30:03 2005
        Subject: CN=People Update Script, UID=PUpdate, OU=Directory Administrators, O=The University of Macquarie, C=AU
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    00:e3:6c:44:3b:88:d6:6a:07:9e:c7:f3:ad:d8:6b:
                    d9:01:43:a3:e6:00:ff:ea:94:98:89:72:fa:53:5c:
                    e4:e6:1a:46:34:6a:6d:53:12:ad:28:e9:68:ec:52:
                    ad:8b:39:95:b3:8f:86:21:50:09:80:e4:bb:7d:b3:
                    d4:86:01:29:65
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name:
                Certificate Key Usage
            Critical:
                True
            Data:
                03:02:05:e0

            Name:
                Certificate Type
            Data:
                03:02:05:a0

            Name:
                Certificate Authority Key Identifier
            Data:
                30:16:80:14:b8:b7:f2:93:bd:17:09:a1:5f:96:a1:f8:
                98:3b:b9:7c:ba:f6:71:68

            Name:
                Certificate Subject Alt Name
            Data:
                30:15:81:13:63:77:69:73:40:75:6e:69:6d:65:6c:62:
                2e:65:64:75:2e:61:75

    Signature Algorithm: PKCS #1 MD5 With RSA Encryption
    Signature:
        50:d6:d6:b5:74:4d:17:44:31:9d:72:df:9e:51:b3:20:42:ac:
        63:11:08:f2:3d:74:ff:e4:80:88:0e:e8:74:05:3f:0f:dc:17:
        3a:13:ca:5a:0b:11:d3:a5:df:d6:4b:b9:1c:cc:46:47:37:cc:
        7f:8f:86:74:b6:d9:a5:c4:a3:9f:2e:5b:81:45:ea:a4:66:7f:
        5e:9c:30:c1:77:1b:5d:c5:ce:b4:ad:87:8a:b2:00:b8:94:7c:
        c1:48:3b:18:7c:c4:0e:bf:11:6f:83:33:c2:31:8f:77:0e:b4:
        38:5d:e2:c0:bf:15:c0:74:a5:7b:1d:e2:7a:0f:9b:d4:f0:b3:
        e7:12
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User

The RSA Public Key ID is: e36c (e3:6c)

[siwc@baghdadic backup]$ /servers/netscape/cms42/bin/cert/tools/keyutil -P -d . -k e36c
RSA Public-Key:
    modulus:
        00:e3:6c:44:3b:88:d6:6a:07:9e:c7:f3:ad:d8:6b:d9:01:43:
        a3:e6:00:ff:ea:94:98:89:72:fa:53:5c:e4:e6:1a:46:34:6a:
        6d:53:12:ad:28:e9:68:ec:52:ad:8b:39:95:b3:8f:86:21:50:
        09:80:e4:bb:7d:b3:d4:86:01:29:65
    publicExponent: 65537 (0x10001)

Use this Key ID to generate new certificate requirement.

[siwc@baghdadic tmp]$ /servers/netscape/cms42/bin/cert/tools/certutil -R -d . -s "CN=People Update Script, UID=PUpdate, OU=Directory Administrators, O=The University of Macquarie, C=AU" -k e36c -o PUpdate.req

[siwc@baghdadic tmp]$ /servers/web/openssl/bin/openssl req -inform DER -outform PEM -in PUpdate.req -out PUpdate.req.pem

[siwc@baghdadic tmp]$ /servers/web/openssl/bin/openssl req -text -in PUpdate.req.pem 
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=AU, O=The University of Macquarie, OU=Directory Administrators/UID=PUpdate, CN=People Update Script
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:e3:6c:44:3b:88:d6:6a:07:9e:c7:f3:ad:d8:6b:
                    d9:01:43:a3:e6:00:ff:ea:94:98:89:72:fa:53:5c:
                    e4:e6:1a:46:34:6a:6d:53:12:ad:28:e9:68:ec:52:
                    ad:8b:39:95:b3:8f:86:21:50:09:80:e4:bb:7d:b3:
                    d4:86:01:29:65
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: md5WithRSAEncryption
        e1:ee:2d:dd:e8:b8:e2:6c:50:a5:a3:82:36:ba:0f:c3:34:fe:
        39:12:7b:3c:88:96:11:d3:3b:8e:63:03:a5:dc:a0:dc:71:0f:
        eb:38:47:ed:50:38:66:43:8b:15:6a:6e:cd:ab:95:d6:23:ef:
        a0:6e:27:85:53:d5:5c:34:13:a1
-----BEGIN CERTIFICATE REQUEST-----
MIIBSTCB9AIBADCBjjELMAkGA1UEBhMCQVUxJDAiBgNVBAoTG1RoZSBVbml2ZXJz
aXR5IG9mIE1lbGJvdXJuZTEhMB8GA1UECxMYRGlyZWN0b3J5IEFkbWluaXN0cmF0
b3JzMRcwFQYKCZImiZPyLGQBARMHUFVwZGF0ZTEdMBsGA1UEAxMUUGVvcGxlIFVw
ZGF0ZSBTY3JpcHQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA42xEO4jWageex/Ot
2GvZAUOj5gD/6pSYiXL6U1zk5hpGNGptUxKtKOlo7FKtizmVs4+GIVAJgOS7fbPU
hgEpZQIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQDh7i3d6LjibFClo4I2ug/DNP45
Ens8iJYR0zuOYwOl3KDccQ/rOEftUDhmQ4sVam7Nq5XWI++gbieFU9VcNBOh
-----END CERTIFICATE REQUEST-----

[siwc@baghdadic tmp]$ /servers/web/openssl/bin/openssl x509 -text -in PUpdate-expired-on-20050121.pem 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3110 (0xc26)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=AU, O=The University of Macquarie, OU=Certificate Authority
        Validity
            Not Before: Jan 21 06:16:32 2005 GMT
            Not After : Jan 21 06:16:32 2007 GMT
        Subject: C=AU, O=The University of Macquarie, OU=Directory Administrators/UID=PUpdate, CN=People Update Script
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:e3:6c:44:3b:88:d6:6a:07:9e:c7:f3:ad:d8:6b:
                    d9:01:43:a3:e6:00:ff:ea:94:98:89:72:fa:53:5c:
                    e4:e6:1a:46:34:6a:6d:53:12:ad:28:e9:68:ec:52:
                    ad:8b:39:95:b3:8f:86:21:50:09:80:e4:bb:7d:b3:
                    d4:86:01:29:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Cert Type: 
                SSL Client, SSL Server, S/MIME
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Authority Key Identifier: 
                keyid:B8:B7:F2:93:BD:17:09:A1:5F:96:A1:F8:98:3B:B9:7C:BA:F6:71:68

    Signature Algorithm: md5WithRSAEncryption
        4a:b5:51:40:a9:ed:63:50:c0:5b:41:3a:8f:01:51:28:07:30:
        c6:e0:3f:4f:e9:ce:4c:e1:56:b7:05:68:0d:0d:a5:08:d8:19:
        7a:17:d7:b0:a5:17:b5:7e:2f:cf:8a:fc:2c:a6:ee:19:52:b8:
        c3:5d:2b:6a:38:7d:e3:3c:ce:30:c9:4b:7c:94:78:8f:96:80:
        da:ab:e4:da:32:23:c6:3b:10:c6:6a:da:83:1f:84:22:d0:71:
        a4:8b:fc:27:b3:d6:19:54:22:00:45:3c:ac:a1:91:e5:e4:72:
        bc:8f:6c:ba:9e:1d:b6:ca:19:14:c2:18:0a:10:6d:10:d2:0f:
        6b:55
-----BEGIN CERTIFICATE-----
MIICWzCCAcSgAwIBAgICDCYwDQYJKoZIhvcNAQEEBQAwUzELMAkGA1UEBhMCQVUx
JDAiBgNVBAoTG1RoZSBVbml2ZXJzaXR5IG9mIE1lbGJvdXJuZTEeMBwGA1UECxMV
Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA1MDEyMTA2MTYzMloXDTA3MDEyMTA2
MTYzMlowgY4xCzAJBgNVBAYTAkFVMSQwIgYDVQQKExtUaGUgVW5pdmVyc2l0eSBv
ZiBNZWxib3VybmUxITAfBgNVBAsTGERpcmVjdG9yeSBBZG1pbmlzdHJhdG9yczEX
MBUGCgmSJomT8ixkAQETB1BVcGRhdGUxHTAbBgNVBAMTFFBlb3BsZSBVcGRhdGUg
U2NyaXB0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAONsRDuI1moHnsfzrdhr2QFD
o+YA/+qUmIly+lNc5OYaRjRqbVMSrSjpaOxSrYs5lbOPhiFQCYDku32z1IYBKWUC
AwEAAaNGMEQwEQYJYIZIAYb4QgEBBAQDAgXgMA4GA1UdDwEB/wQEAwIE8DAfBgNV
HSMEGDAWgBS4t/KTvRcJoV+WofiYO7l8uvZxaDANBgkqhkiG9w0BAQQFAAOBgQBK
tVFAqe1jUMBbQTqPAVEoBzDG4D9P6c5M4Va3BWgNDaUI2Bl6F9ewpRe1fi/Pivws
pu4ZUrjDXStqOH3jPM4wyUt8lHiPloDaq+TaMiPGOxDGatqDH4Qi0HGki/wns9YZ
VCIARTysoZHl5HK8j2y6nh22yhkUwhgKEG0Q0g9rVQ==
-----END CERTIFICATE-----

[siwc@baghdadic tmp]$ /servers/web/openssl/bin/openssl x509 -inform PEM -outform DER -in PUpdate-expired-on-20050121.pem -out PUpdate-expired-on-20050121.crt

[siwc@baghdadic tmp]$ /servers/netscape/cms42/bin/cert/tools/certutil -D -d . -n "People Update Script's The University of Macquarie ID"

[siwc@baghdadic tmp]$ /servers/netscape/cms42/bin/cert/tools/certutil -A -d . -n "People Update Script's The University of Macquarie ID" -t "u,u,u" -i PUpdate-expired-on-20050121.crt 

[siwc@baghdadic tmp]$ /servers/netscape/cms42/bin/cert/tools/certutil -L -d . -n "People Update Script's The University of Macquarie ID"
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3110 (0xc26)
        Signature Algorithm: PKCS #1 MD5 With RSA Encryption
        Issuer: OU=Certificate Authority, O=The University of Macquarie, C=AU
        Validity:
            Not Before: Fri Jan 21 06:16:32 2005
            Not After: Sun Jan 21 06:16:32 2007
        Subject: CN=People Update Script, UID=PUpdate, OU=Directory Administrators, O=The University of Macquarie, C=AU
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    00:e3:6c:44:3b:88:d6:6a:07:9e:c7:f3:ad:d8:6b:
                    d9:01:43:a3:e6:00:ff:ea:94:98:89:72:fa:53:5c:
                    e4:e6:1a:46:34:6a:6d:53:12:ad:28:e9:68:ec:52:
                    ad:8b:39:95:b3:8f:86:21:50:09:80:e4:bb:7d:b3:
                    d4:86:01:29:65
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name:
                Certificate Type
            Data:
                03:02:05:e0

            Name:
                Certificate Key Usage
            Critical:
                True
            Data:
                03:02:04:f0

            Name:
                Certificate Authority Key Identifier
            Data:
                30:16:80:14:b8:b7:f2:93:bd:17:09:a1:5f:96:a1:f8:
                98:3b:b9:7c:ba:f6:71:68

    Signature Algorithm: PKCS #1 MD5 With RSA Encryption
    Signature:
        4a:b5:51:40:a9:ed:63:50:c0:5b:41:3a:8f:01:51:28:07:30:
        c6:e0:3f:4f:e9:ce:4c:e1:56:b7:05:68:0d:0d:a5:08:d8:19:
        7a:17:d7:b0:a5:17:b5:7e:2f:cf:8a:fc:2c:a6:ee:19:52:b8:
        c3:5d:2b:6a:38:7d:e3:3c:ce:30:c9:4b:7c:94:78:8f:96:80:
        da:ab:e4:da:32:23:c6:3b:10:c6:6a:da:83:1f:84:22:d0:71:
        a4:8b:fc:27:b3:d6:19:54:22:00:45:3c:ac:a1:91:e5:e4:72:
        bc:8f:6c:ba:9e:1d:b6:ca:19:14:c2:18:0a:10:6d:10:d2:0f:
        6b:55
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
Prev by Date: A P2P AUDIO CONFERENCING APPLICATION USING H.323 VoIP <http://www.cswl.com/whiteppr/tech/audio.html>
Next by Date: Firefox Tweak Guide - Performance Settings <http://www.tweakfactor.com/articles/tweaks/firefoxtweak/4.html>
Previous by thread: A P2P AUDIO CONFERENCING APPLICATION USING H.323 VoIP <http://www.cswl.com/whiteppr/tech/audio.html>
Next by thread: Firefox Tweak Guide - Performance Settings <http://www.tweakfactor.com/articles/tweaks/firefoxtweak/4.html>
Index(es):
- Main
- Thread