Digital Certificates › General Rules › Certificate Replacement (Renewal)
Certificate Replacement (Renewal)
As part of the TSS REPLACE command processing, a certificate can be replaced without being deleted and reinserted. To replace an existing certificate, make sure that one of the following three cases is satisfied:
- The certificate being added is a duplicate of the existing certificate (it has the same serial number and issuer's distinguished name) and the labels and record keys of both certificates are the same.
- The certificate being added is not a duplicate of the existing certificate, has the same subject's distinguished name, issuer's distinguished name, and public key as the existing certificate, the end date and time on the certificate being added is later than on that of the existing certificate, the existing certificate is not expired, and the record keys of both certificates are the same.
- The certificate being added is not a duplicate of the existing certificate, has the same public key as the existing certificate, there is a private key associated with the existing certificate in the database, the existing certificate is NOT expired, and the record keys of both certificates are the same.
Copyright © 2014 CA Technologies.
All rights reserved.
|
|