How to convert from X.509v2 to X.509v3 key encryption
-
22-10-2019 - |
Question
Who knows how to convert PEM encoded X.509 version 2 certificate with RSA public key to X.509 version 3?
Solution
As far as I know, you cannot change a certificate once issued. You need to re-issue the certificate. The reason being that the certificate contents are hashed by the CA and the hash is encrypted by the CA's private key. If there is a change in the content of the certificate, the exisitng hash will no longer match the calculated hash making your certificate useless.
OTHER TIPS
Vikas is correct, you cannot convert an X.509 certificate as the signature on the certificate is linked to the DER representation of that particular certificate. Any change to the certificate changes its DER representation and thus breaks the signature. If you need a v3 certificate the only option is to issue a new certificate. The public key component only enables you to verify what key was used to sign the certificate, making a signature requires the private key component.