Renewing a certificate from an Internet CA
If you use a well-known, Internet CA to issue the certificate, you can handle the certificate renewal in two different ways.
You can renew the certificate directly with the Internet CA and then
import the renewed certificate from the file that you receive from the signing
CA. Another way you can renew the certificate is to use DCM to create a new
public-private key pair and Certificate Signing Request (CSR) for the certificate
and then send this information to the Internet CA to obtain a
new certificate. When you receive that certificate back from the CA you can
then complete the renewal process.
Import and renew a certificate obtained directly from an Internet CA
Import and renew a certificate reuses the CSR (Certificate Signing Request)
that was originally generated on a create certificate request. A new public-private key pair is
therefore not created. To import an automatically renewed certificate that was obtained from an
Internet CA to replace the existing certificate in the certificate store, follow these
steps.
The following figure demonstrates selecting Automatically Renewed Certificate to replace a certificate during import:
The figure demonstrates selecting Automatically Renewed Certificate to replace a certificate during import.
Renew a certificate by creating a new public-private key pair and CSR for the certificate
To renew a certificate with an Internet CA by creating a new public-private key pair and CSR for the certificate follow these steps
- In the navigation frame, click Open Certificate Store and select the certificate store that holds the certificate that you want to renew.
- Select the certificate you want to renew, expand the actions for the
certificate tile by clicking
+
, and select Renew. - Select Internet CA, provide a new certificate label, and click Renew.
- Select Copy to put the CSR text into your buffer to paste into the Internet CA website or file.
- Click back to return to certificate management.