Brian Beckett
Reputation: 4900
Renew certificate with Java Keytool - reuse old CSR?
I have an SSL certificate in a Java keystore. It's going to expire in a week or so and I need to renew it.
Can I reuse the previous CSR (which the CA still have) and then import the certificate using the import command or do I need to generate a new CSR?
Upvotes: 8
Views: 18004
Answers (1)
bignum
Reputation: 3458
You can (if your CA doesn't check for public key reuse), but it's a bad security practice. The primary purpose of the validity period is to limit the time in which a certificate and associated private key is exposed to the possibility of being compromised.
Upvotes: 7
Related Questions
- How can I replace the expired intermediate CA certificate in a keystore file?
- Imported certificate to Java keystore, JVM ignores the new cert
- Commands to renew a Java Keystore with a Symantec renewal using a new CSR (not the original CSR)
- Tomcat / JKS / Keytool - regenerate private key?
- How to update a Tomcat keystore with a renewed SSL certificate?
- Install a renewed SSL certificate in Tomcat
- Update java keystore alias with new code-signing certificate
- Newbie keytool command -- how to update cert already added to keystore?
- Updating-Renewing self-signed CA certificate in java truststore
- Can I add a new certificate to the keystore without restarting the JVM?