Renew certificate with Java Keytool - reuse old CSR?
I have an SSL certificate in a Java keystore. It's going to expire in a week or so and I need to renew it.
Can I reuse the previous CSR (which the CA 开发者_JS百科still have) and then import the certificate using the import
command or do I need to generate a new CSR?
You can (if your CA doesn't check for public key reuse), but it's a bad security practice. The primary purpose of the validity period is to limit the time in which a certificate and associated private key is exposed to the possibility of being compromised.
精彩评论