Operating System: Solaris 10
When I renew my certificate, my public key is different from that of my previous certificate. Why? The documentation says "Certificate renewal simply means issuance of a new certificate containing the same public key as an already issued certificate"
I have the renew module enabled. When I renew the certificate using "Renew Browser Certificate", I later download the new certificate using the "Create Keystore" option from the public web.
I have this CA configuration:
- Enforce unique public keys --> "Enforce" checked
- Enforce unique DN --> "Enforce" checked
- Enforce unique Subject DN SerialNumber --> "Enforce" not checked
- Use Certificate Request History --> "Use" checked
- Use User Storage --> "Use" checked
- Use Certificate Storage --> "Use" checked
You need to use keystore type "user generated". Create keystore, with a keystore type of p12, jks or pem, will always generate a new server-generated key pair.
But then, I have one problem, because I need two functionalities:
1) I need key recovery available in certificates --> For this, I need p12 or pem token type
2) I need renew certificates available with the same public key --> For this, I need "user generated"
How can I have both functions at once? Are they incompatible?
Thanks and Regards
Yes, that is incompatible. What you want to do is key recovery. With key recovery you can choose to issue a new certificate, or reuse the old one.
PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact firstname.lastname@example.org for more information.
Hi Tomas again,
I don't understand you. How can I choose this?
I want to do this:
First I create a new user with a P12 token and issue a new certificate with this user. If I need to recover this certificate "n" times, I want to have the "Key Recoverable" button available at all times in the certificate view. If this certificate is "expiring", I want to renew this certificate with the same public key.
Then, if I have the following configuration in the "Key Recoverable" section of my End Entity Profile:
- "Use" checked
- "Default" checked
- "Reuse old certificate" checked
How can I renew the certificates with the same public key?
Edit the end entity and uncheck "Reuse old certificate". Then a new certificate will be issued when you key recover the certificate.
OK, then, when I want to recover the same certificate I need to have "Reuse old certificate" checked, and when I want to renew the certificate I need to have "Reuse old certificate" unchecked.
Is it correct?
Thanks for everything, Tomas, and regards
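
Added example, not part of the original thread and not EJBCA code: a shell check, assuming the `openssl` command-line tool is installed, that tells whether a reissued certificate carries the same public key as the old one (renewal) or a new one (as with a server-generated keystore). The function names and the sample certificates are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not EJBCA code): detect whether a renewal kept the key pair.

# Print the SHA-256 of the DER SubjectPublicKeyInfo of a PEM certificate.
spki_fingerprint() {
    spki_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$spki_pub" ] || return 1
    printf '%s\n' "$spki_pub" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 \
        | awk '{print $NF}'
}

# Return 0 if both certificates hold the same public key, 1 if they differ,
# 2 if either file cannot be parsed (so a bad file never compares as equal).
same_public_key() {
    fp_old=$(spki_fingerprint "$1") || return 2
    fp_new=$(spki_fingerprint "$2") || return 2
    [ "$fp_old" = "$fp_new" ]
}

# Constructed sample data: one original certificate, one reissued over the
# same key, and one issued over a freshly generated key.
make_samples() {
    openssl genrsa -out "$1/key1.pem" 2048 2>/dev/null
    openssl genrsa -out "$1/key2.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/key1.pem" -subj "/CN=demo-user" -days 365 -out "$1/old.pem"
    openssl req -new -x509 -key "$1/key1.pem" -subj "/CN=demo-user" -days 730 -out "$1/renewed.pem"
    openssl req -new -x509 -key "$1/key2.pem" -subj "/CN=demo-user" -days 730 -out "$1/rekeyed.pem"
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for cert in renewed rekeyed; do
    if same_public_key "$demo_dir/old.pem" "$demo_dir/$cert.pem"; then
        echo "$cert.pem: same public key as old.pem"
    else
        echo "$cert.pem: different public key from old.pem"
    fi
done
rm -rf "$demo_dir"
```

For a P12 keystore, extract the certificate to PEM first, for example with `openssl pkcs12 -in keystore.p12 -clcerts -nokeys -out cert.pem` (file names are placeholders), then pass the PEM files to `same_public_key`.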