问题
I have an SSL certificate in a Java keystore. It's going to expire in a week or so and I need to renew it.
Can I reuse the previous CSR (which the CA still have) and then import the certificate using the import command or do I need to generate a new CSR?
回答1:
You can (if your CA doesn't check for public key reuse), but it's a bad security practice. The primary purpose of the validity period is to limit the time in which a certificate and associated private key is exposed to the possibility of being compromised.
来源:https://stackoverflow.com/questions/2787653/renew-certificate-with-java-keytool-reuse-old-csr