I have an SSL certificate in a Java keystore. It's going to expire in a week or so and I need to renew it.
Can I reuse the previous CSR (which the CA still has) and then import the certificate using the import
command or do I need to generate a new CSR?
It is recommended that you generate a CSR each time you renew your old certificates. Though some web servers may allow you to use the old CSR, generating a new one takes care of incorporating new encryption methods and hashing algorithms into the new certificates.
To renew an SSL/TLS certificate, you'll need to generate a new CSR. For more information about creating a CSR, see our Create a CSR (Certificate Signing Request) page. Best practices are to generate a new certificate signing request (CSR) when renewing your SSL/TLS certificate.
The short answer is that while yes, you can reuse the CSR, it doesn't mean you should. It's worth considering that encryption methods can improve over time (e.g., generating RSA keys @ 2048 or 4096 vs 1024 a while back, sha256 vs.
You can (if your CA doesn't check for public key reuse), but it's a bad security practice. The primary purpose of the validity period is to limit the time in which a certificate and associated private key are exposed to the possibility of being compromised.
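
The renewal flow the answers above recommend, as an added example that is not part of any of the answers: generate a fresh key pair and CSR with `keytool`, then confirm with `openssl` that the new CSR does not carry the old certificate's public key before submitting it. The alias names, file names (`old-cert.pem`, `new.csr`) and the distinguished name are assumptions.

```shell
#!/bin/sh
# Added example. Alias, file and host names below are assumptions.

# SHA-256 fingerprint of the public key inside a PEM certificate.
cert_key_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 fingerprint of the public key inside a PEM CSR.
csr_key_fp() {
    openssl req -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit 0 if the CSR asks for the same public key the old certificate carries.
csr_reuses_key() {
    old=$(cert_key_fp "$1"); new=$(csr_key_fp "$2")
    [ -n "$old" ] && [ -n "$new" ] && [ "$old" = "$new" ]
}

# Renewal with a fresh key pair under a new alias (keytool prompts for passwords).
# Not run automatically. Usage:
#   renew_csr keystore.jks old-alias new-alias "CN=www.example.com"
renew_csr() {
    ks=$1; old_alias=$2; new_alias=$3; dname=$4
    # Export the expiring certificate so its key can be compared later.
    keytool -exportcert -rfc -alias "$old_alias" -keystore "$ks" -file old-cert.pem
    # New private key and a CSR signed with SHA-256.
    keytool -genkeypair -alias "$new_alias" -keyalg RSA -keysize 2048 \
        -sigalg SHA256withRSA -dname "$dname" -keystore "$ks"
    keytool -certreq -alias "$new_alias" -sigalg SHA256withRSA \
        -keystore "$ks" -file new.csr
    if csr_reuses_key old-cert.pem new.csr; then
        echo "new.csr reuses the old public key; do not submit it" >&2
        return 1
    fi
    echo "submit new.csr, then: keytool -importcert -alias $new_alias -file <reply> -keystore $ks"
}
```

The CA's reply must be imported under the same alias that generated the CSR, since that entry holds the matching private key.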