Reissued SSL Certificate
My SSL certificate is about to expire in June 2016. In my zeal to renew it, I made two mistakes:
1. I generated a CSR (Certificate Signing Request) for a 4096-bit RSA key. I just found out that one of the services my server connects to does not support anything higher than 2048-bits at this point.
2. Instead of RENEWING the certificate, I inadvertently had my existing certificate REISSUED - so it still expires in June 2016.
So my questions are these:
1. Although I generated the CSR on my server, but now don't want to load the reissued certificate, can I just generate a new CSR and leave the old one out there unused? Essentially I would generate a new CSR and this time request a 2048-bit RSA key and RENEW the certificate rather than REISSUE the existing one.
2. Since I had my existing certificate REISSUED, will the existing one on my server become invalid if I don't load the new reissued certificate now?
I am using Windows Server 2012 R2 with IIS 8.
Thank you for any guidance.
1. I generated a CSR (Certificate Signing Request) for a 4096-bit RSA key. I just found out that one of the services my server connects to does not support anything higher than 2048-bits at this point.
2. Instead of RENEWING the certificate, I inadvertently had my existing certificate REISSUED - so it still expires in June 2016.
So my questions are these:
1. Although I generated the CSR on my server, but now don't want to load the reissued certificate, can I just generate a new CSR and leave the old one out there unused? Essentially I would generate a new CSR and this time request a 2048-bit RSA key and RENEW the certificate rather than REISSUE the existing one.
2. Since I had my existing certificate REISSUED, will the existing one on my server become invalid if I don't load the new reissued certificate now?
I am using Windows Server 2012 R2 with IIS 8.
Thank you for any guidance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi Wheelsm,
As paulmacd said you can regenerate the CSR as many times as you want and it wont effect any of your website.
For the second problem as you have reissued with 4096-bit RSA key but reissue wont be a problem as you can reissue it once again with the proper setting ( with 2048 bit) in CSR and reissue the certificate with new settings until you renew the certificate.
Good Luck!!!!!!
As paulmacd said you can regenerate the CSR as many times as you want and it wont effect any of your website.
For the second problem as you have reissued with 4096-bit RSA key but reissue wont be a problem as you can reissue it once again with the proper setting ( with 2048 bit) in CSR and reissue the certificate with new settings until you renew the certificate.
Good Luck!!!!!!
ASKER
I generated a new CSR this morning (2048-bit) and this time RENEWED my certificate. I just got the new certificate back. All good! Thank you again for your help!
Very happy to help. Thank you for the points.
Glad to see that your issue is resolved !!
ASKER