5.4. Renewing Certificates
This section explains how to use the different types of certificate renewal described in Section 3.4.1, “About Renewal”. You can use the methods described in this section to renew a certificate both with and without agent approval. To renew a certificate as a user without agent approval, use profiles that require the
CMCUserSignedAuthauthentication plug-in, and to renew with agent approval, use profiles that require the
CMCAuthauthentication plug-in. For further details about these plug-ins and in which profiles they are enabled by default, see Section 8.1.2, “CMC Authentication Plug-ins”.
5.4.1. Renewal Using the Same Key
Section 5.3.1, “The CMC Enrollment Process” describes how to request and issue a certificate using CMC. When a user submits the same CMC request created during this process again with the same enrollment profile, Certificate System renews the certificate with the same key.
5.4.2. Renewal Using a New Key
To renew a certificate using a new key, follow the procedure described in Section 5.3.1, “The CMC Enrollment Process”. The process for renewal is the same as for a new enrollment. When you sign the request with the same signing certificate, the newly issued certificate contains the same
subjectDNattribute as the signing certificate.