SSL question

you can't. the cert was issued with those dates, if you issue a new cert with the new dates, it will have no effect on the prior cert.

if you wish to *revoke* a cert, that's a different function; however, a CA cert can't be revoked (as it isn't signed by anything higher to revoke it with)

I changed the hostname on the server and IP address.

what i need to do with the CA cert since these information are different from the time the CA cert was created.

ok. so what you need to issue is a new end node cert, not a new CA cert. the way it works is that the CA is a self-signed cert that never changes, and the server cert (if I recall, literally called servercert.pem) can be updated to reflect the new name and IP.  take a look at the yast screens at https://www.suse.com/documentation/sles11/book_security/data/sec_security_yast_ca_module.html and in particular, the section 17.2.4 (creating or revoking user certificates) - this can be used to issue a new user (server) certificate for your webserver, ldap etc.

I installed SUSE 11 SP3 and converted to template.  from the template i created a new VM called ldap01.example.com, template had CA and Server cert.  now for new VM ldap01.example.com, can i use existing CA cert and create new server cert?  

I was under impression I have recreate both CA and Server cert for this VM.

no. you keep the CA cert (which won't run out for a decade or so :D) and issue new server certs. In fact, you can use ONE CA to issue all the server certs on your network, that way you only need to import the CA into browsers and stuff once, instead of importing multiple CAs.

If I am right, i keep the same CA but create a new server cert.

when i export i should be exporting the server cert right.