OpenSSL Renewing the self-signed certificate- Adding days.
Generate a Self-Signed Certificate with the below command.
openssl x509 \
-signkey private.key \
-in certificate.csr \
-req -days 365 -out certificate.crt
In the above command, we are generating the certificate i.e. certificate.crt with a private key private.key with validity for 365 days.
Note: Always keep the Existing private key safe and secure. Do not delete in case you want to renew the certificate.
Since this certificate will expire in 365 days we can always renew the certificate with the below command.
openssl req\
-key private.key \
-new \
-x509 -days 700 -out renewcertificate.crt
In the above command, we are using the same private new i.e. private.key for creating a new certificate i.e. renewcertificate.crt with a validity of 700 days.
Verify a Private Key Matches a Certificate and CSR
openssl x509 -text -noout -in certificate.crt
openssl x509 -text -noout -in renewcertificate.crt
openssl rsa -noout -modulus -in private.key | openssl md5
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl x509 -noout -modulus -in renewcertificate.crt | openssl md5