Radovan Semancik wrote:
>
> Hi!
>
> Maybe this is FAQ or even OT, but anyway:
>
> How is certificate renewal done? I mean the case, that user's
> certificate expired and she wants a new one.
>
> User sends a new CSR? How does CA handle it? And how about serial
> number, I don't think it will be the same for expired and renewed
> certificate. Is that the case?
>
> TIA
To renew a certificate you don't have to resend a Request to the
CSP - at least Netscape don't support it (AFAIK) - simply the CSP
should have kept a copy of your original request and issue a new
certificate with a new validity period. This almost depends on the
crypto layer you are using and policies you are following.
If you simply renew the same key-pair just use the old request, but
keep in mind that it is a good policy to renew all keys in a 2 years
period...
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
S/MIME Cryptographic Signature
