5.4. Renewing Certificates


This section explains how to use the different types of certificate renewal described in Section 3.4.1, “About Renewal”. You can use the methods described in this section to renew a certificate both with and without agent approval. To renew a certificate as a user without agent approval, use profiles that require the CMCUserSignedAuth authentication plug-in, and to renew with agent approval, use profiles that require the CMCAuth authentication plug-in. For further details about these plug-ins and in which profiles they are enabled by default, see Section 8.1.2, “CMC Authentication Plug-ins”.

5.4.1. Renewal Using the Same Key

Section 5.3.1, “The CMC Enrollment Process” describes how to request and issue a certificate using CMC. When a user submits the same CMC request created during this process again with the same enrollment profile, Certificate System renews the certificate with the same key.

Note

For renewing a certificate as the user using the same key, the enrollment profile must contain the uniqueKeyConstraint entry with the params.allowSameKeyRenewal parameter set to True as described in Section 3.4.1, “About Renewal” and Section 3.4.1.1.1, “Renewing Using the Same Key”.

5.4.2. Renewal Using a New Key

To renew a certificate using a new key, follow the procedure described in Section 5.3.1, “The CMC Enrollment Process”. The process for renewal is the same as for a new enrollment. When you sign the request with the same signing certificate, the newly issued certificate contains the same subjectDN attribute as the signing certificate.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.