[solved] Renewing a verisign cert

murffatksig · 2009-09-15 13:53:50

Sorry, this isnt Arch related, but I'm having a tough time googling the correct answer. I've got a customer using red hat linux and wanting to renew their verisign ssl cert for a webpage. I'm following the instructions listed at https://knowledge.verisign.com/support/ … t&id=AR142

My question is, do I need to generate a new key pair if i'm renewing the certificate?

Thanks,

MP

Last edited by murffatksig (2009-09-15 20:17:40)

cactus · 2009-09-15 17:33:09

you don't have to.
generally they either:
a) just re-sign the original cert request they have on hand, (new certificate lifetime)
b) ask for a new csr to sign
c) ask you to generate a new key, and then a new csr to sign

I think which operation they prefer depends on the vendor.

https://knowledge.verisign.com/support/ … 3035718053

For the sake of security though, it certainly wouldn't hurt to generate a new private key and csr, and then have that csr signed. (option c above)

another relevant link: http://serverfault.com/questions/42993/ … ith-apache
apparently verisign does allow option a (see last comment on serverfault page)

murffatksig · 2009-09-15 20:18:25

Thanks, I went with option B.

Arch Linux

#1 2009-09-15 13:53:50

[solved] Renewing a verisign cert

#2 2009-09-15 17:33:09

Re: [solved] Renewing a verisign cert

#3 2009-09-15 20:18:25

Re: [solved] Renewing a verisign cert

Board footer