How can an expiring or expired user digital certificate signed by a local CA (Certificate Authority) be renewed?

Document ID : KB000026637
Last Modified Date : 13/12/2018
Question:

How can an expiring or expired user digital certificate signed by a local CA (Certificate Authority) be renewed?

Answer:
The RENEW subcommand renews a certificate that is signed by a local CA (Certificate Authority) in a single step. The certificate must exist in the CA ACF2 database and must have a private key. The new EXPIRE date must fall before the EXPIRE date of the signing CERTAUTH certificate. The private key of the CERTAUTH certificate that signs the renewed certificate must also be in the CA ACF2 database. If SIGNWITH is not specified, the RENEW subcommand finds the original signing certificate and uses it to sign the renewed certificate, provided the original signing certificate has a private key.

The following outlines the process to renew a certificate signed by a local CA (Certificate Authority):
  • Run CHKCERT on the certificate to be renewed and note the EXPIRE date.
  • RENEW the certificate with a new EXPIRE date.
  • Run CHKCERT on the certificate after the RENEW and verify the changed EXPIRE date.

Corresponding ACF Commands:

ACF
CHKCERT USER01.CERT
RENEW USER01.CERT EXPIRE(12/31/2030)
CHKCERT USER01.CERT

Details on the RENEW command can be found in the CA ACF2 Documentation in section "RENEW Subcommand".