Renew certificate with Java Keytool - reuse old CSR?

Question

I have an SSL certificate in a Java keystore. It's going to expire in a week or so and I need to renew it.

Can I reuse the previous CSR (which the CA still have) and then import the certificate using the import command or do I need to generate a new CSR?

If today is Jan1,2011 and I use a CSR dated from Jan 31,2010, will the cert reply work for 1 month or one year? — djangofan, Feb 28 '11 at 23:36
@djangofan - You'd be more likely to get a response if you asked that as a question. I don't have the answer, I'm afraid :) — Brian Beckett, Mar 01 '11 at 09:38

score 7 · Accepted Answer · answered May 07 '10 at 10:26

7

You can (if your CA doesn't check for public key reuse), but it's a bad security practice. The primary purpose of the validity period is to limit the time in which a certificate and associated private key is exposed to the possibility of being compromised.

answered May 07 '10 at 10:26

bignum

3,448
3
21
18

1

So I should really generate a new set of keys, then? Thanks. – Brian Beckett May 07 '10 at 10:37
1

Yes, generate a new keypair and associated CSR. – bignum May 07 '10 at 10:56
You guys might be able to help me. I'm referencing your question/answer in my new question. I'm a little stuck. https://stackoverflow.com/questions/44420459/commands-to-renew-a-java-keystore-with-a-symantec-renewal-using-a-new-csr – JustBeingHelpful Jun 07 '17 at 18:41

Renew certificate with Java Keytool - reuse old CSR?

1 Answers1

Linked