Renew certificate with Java Keytool - reuse old CSR?

Question

I have an SSL certificate in a Java keystore. It's going to expire in a week or so and I need to renew it.

Can I reuse the previous CSR (which the CA still have) and then import the certificate using the import command or do I need to generate a new CSR?

Answer 1

You can (if your CA doesn't check for public key reuse), but it's a bad security practice. The primary purpose of the validity period is to limit the time in which a certificate and associated private key is exposed to the possibility of being compromised.