Renew certificate with Java Keytool - reuse old CSR?
-
03-10-2019 - |
Question
I have an SSL certificate in a Java keystore. It's going to expire in a week or so and I need to renew it.
Can I reuse the previous CSR (which the CA still have) and then import the certificate using the import
command or do I need to generate a new CSR?
Solution
You can (if your CA doesn't check for public key reuse), but it's a bad security practice. The primary purpose of the validity period is to limit the time in which a certificate and associated private key is exposed to the possibility of being compromised.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow