OpenSSL Renewing the self-signed certificate- Adding days.

Generate a Self-Signed Certificate with the below command.

openssl x509 \
-signkey private.key \
-in certificate.csr \
-req -days 365 -out certificate.crt

In the above command, we are generating the certificate i.e. certificate.crt with a private key private.key with validity for 365 days.

Note: Always keep the Existing private key safe and secure. Do not delete in case you want to renew the certificate.

Since this certificate will expire in 365 days we can always renew the certificate with the below command.

openssl req\
-key private.key \
-new \
-x509 -days 700 -out renewcertificate.crt

In the above command, we are using the same private new i.e. private.key for creating a new certificate i.e. renewcertificate.crt with a validity of 700 days.

Verify a Private Key Matches a Certificate and CSR

openssl x509 -text -noout -in certificate.crt

openssl x509 -text -noout -in renewcertificate.crt

openssl rsa -noout -modulus -in private.key | openssl md5

openssl x509 -noout -modulus -in certificate.crt | openssl md5

openssl x509 -noout -modulus -in renewcertificate.crt | openssl md5