8

I have an SSL certificate in a Java keystore. It's going to expire in a week or so and I need to renew it.

Can I reuse the previous CSR (which the CA still have) and then import the certificate using the import command or do I need to generate a new CSR?

Kevin Panko
  • 8,069
  • 19
  • 50
  • 60
Brian Beckett
  • 4,624
  • 6
  • 30
  • 52
  • If today is Jan1,2011 and I use a CSR dated from Jan 31,2010, will the cert reply work for 1 month or one year? – djangofan Feb 28 '11 at 23:36
  • @djangofan - You'd be more likely to get a response if you asked that as a question. I don't have the answer, I'm afraid :) – Brian Beckett Mar 01 '11 at 09:38

1 Answers1

7

You can (if your CA doesn't check for public key reuse), but it's a bad security practice. The primary purpose of the validity period is to limit the time in which a certificate and associated private key is exposed to the possibility of being compromised.

bignum
  • 3,338
  • 3
  • 20
  • 18
  • 1
    So I should really generate a new set of keys, then? Thanks. – Brian Beckett May 07 '10 at 10:37
  • 1
    Yes, generate a new keypair and associated CSR. – bignum May 07 '10 at 10:56
  • You guys might be able to help me. I'm referencing your question/answer in my new question. I'm a little stuck. https://stackoverflow.com/questions/44420459/commands-to-renew-a-java-keystore-with-a-symantec-renewal-using-a-new-csr – MacGyver Jun 07 '17 at 18:41