Public Key Infrastructure

Digital Key Management

Digital Certificates

TLS/SSL Certificates

Certificate Management

Certificate Authority

Certificate Scanning

Encryption Standards, Regulations, and Algorithms

Certificate Request

Chain of Trust

Certificate Provisioning

Certificate Renewal and Revocation

Buying a Certificate from CA

PKI for IoT

Do I have to Generate a new CSR to get my Certificate Renewed?

It is recommended that you generate a CSR each time you renew your old certificates. Though some web servers may allow you to use the old CSR, generating a new one takes care of incorporating new encryption methods and hashing algorithms into the new certificates.

You can, however, use the same private key for your new certificate as was used in the old one. In case you choose the above method, and you use a dedicated software solution to manage your certificates, the renewal process can be automated. The certificate management software can, in this case, auto-fill your CSR details and send it to the CA by itself. If you want to generate new keys for your certificate (for security reasons) you can raise the CSR manually.

Certificate management software or sometimes your CA will start sending alerts reminding you to renew your certificate 90 days before it’s set to expire. The group to which this email is sent depends on the time remaining, and grows larger as the date nears. You can renew your certificate right after you receive the first alert, and the leftover months will be carried over. It’s recommended to renew certificates well before their expiry to prevent potential issues from late renewal cropping up.

Related Articles:   What is the Maximum Validity Period of TLS/SSL Certificates?