Menu Close

3.4. Configuring Profiles to Enable Renewal

This section discusses how to set up profiles for certificate renewals. For more information on how to renew certificates, see Section 5.5, “Renewing Certificates”.
A profile that allows renewal is often accompanied by the renewGracePeriodConstraint entry. For example:
policyset.cmcUserCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl Grace Period Constraint
policyset.cmcUserCertSet.10.default.class_id=noDefaultImpl Default

3.4.1. Renewing Using the Same Key

A profile that allows the same key to be submitted for renewal has the allowSameKeyRenewal parameter set to true in the uniqueKeyConstraint entry. For example:
policyset.cmcUserCertSet.9.constraint.class_id=uniqueKeyConstraintImpl Key Constraint
policyset.cmcUserCertSet.9.default.class_id=noDefaultImpl Default

3.4.2. Renewal Using a New Key

To renew a certificate with a new key, use the same profile with a new key. Certificate System uses the subjectDN from the user signing certificate used to sign the request for the new certificate.