What does it mean to re-key a certificate?
|
Last Updated: November 21, 2005 2:38 PM
|
Print This Article |
Re-keying is the process of replacing an existing SSL certificate. Specifically, re-keying entails:
- Deleting/revoking an existing SSL certificate
- Creating a new public/private key pair
- Issuing a new SSL certificate
The original certificate is automatically deactivated when the new one is issued.
Consider re-keying an SSL certificate if any of the following situations occur:
- Loss of your private key
- Compromise of your private key
- Certificate does not work properly
NOTE: The Distinguished Name (DN) in the replacement SSL certificate must be identical to the Distinguished Name in the SSL Certificate that is being re-keyed. The Common Name, Organization Name, Locality, State/Province, and Country — as entered in the Certificate Signing Request (CSR) — must be the same in both of the certificates. Certificate holders can have their certificates re-keyed at no expense.
You can only request a re-key within 30 days of initial issuance of certificate. A maximum of two re-key requests is permitted within the 30-day period.