Certificate Renewal

Certificate renewal is an often misunderstood term. It simply means issuing a new certificate containing the same public key as an already issued certificate. It does not mean issuing a new certificate with the same certificate serial number, and it does not mean that the CA in some magical way has access to the end entity's private key.

To renew a certificate using the admin GUI, simply:

  1. Go to Search/Edit End Entities and find the end entity in question.

  2. Set status to NEW.

  3. Have the end entity create a new certificate request (CSR), using the same public key as the first certificate.

  4. Send the new certificate request to the CA (the same way you did when getting the first certificate).

  5. Get the certificate back.
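The check below is an added example, not part of the original page or of the CA software: it uses the openssl command line to confirm that the CSR produced in step 3 carries the same public key as the earlier certificate. The file names, the subject CN=demo-entity and the self-signed stand-in for the first certificate are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: verify that a renewal CSR reuses the public key of the
# certificate it renews. All file names and subjects are constructed.

# pubkey_fp KIND FILE: SHA-256 of the DER public key; KIND is x509 or req.
pubkey_fp() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# is_renewal CERT CSR: succeeds only if both parse and carry the same key.
is_renewal() {
    a=$(pubkey_fp x509 "$1") || return 1
    b=$(pubkey_fp req "$2") || return 1
    [ "$a" = "$b" ]
}

# make_demo DIR: build constructed sample files to run the check against.
make_demo() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=demo-entity\n' > "$d/req.cnf"
    for k in entity other; do
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$d/$k.key" 2>/dev/null
    done
    # Stand-in for the first certificate (self-signed here, CA-issued in practice).
    openssl req -new -x509 -config "$d/req.cnf" -key "$d/entity.key" -days 1 -out "$d/old.crt"
    # Step 3: a new CSR created with the same key pair as the first certificate.
    openssl req -new -config "$d/req.cnf" -key "$d/entity.key" -out "$d/renew.csr"
    # A CSR from a different key pair: not a renewal as defined above.
    openssl req -new -config "$d/req.cnf" -key "$d/other.key" -out "$d/newkey.csr"
}

DEMO_DIR=$(mktemp -d)
make_demo "$DEMO_DIR"
is_renewal "$DEMO_DIR/old.crt" "$DEMO_DIR/renew.csr" && echo "renew.csr: same public key"
is_renewal "$DEMO_DIR/old.crt" "$DEMO_DIR/newkey.csr" || echo "newkey.csr: different public key"
```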

Since the CA has the public keys of all end entities, as they are in the certificates that the CA stores, this process can be automated. Automation is more advanced and can be done in many ways to suit different workflows; it is not described here.