2

Often one hears about "renewing an SSL certificate" or "renewing an X.509 certificate", but I wonder what this actually means. Usually, step #1 of the renewal process is "generate a new CSR". Doesn't this mean that what is actually happening is that a new certificate is actually being issued, possibly with the same information (and maybe even the same public/private key pair) as the expired certificate?

Is anything guaranteed to stay the same when the certificate is renewed? The subject would have to stay the same (otherwise, how could it be considered the same certificate?), but what else?

Mark
  • 311

1 Answer

2

Generally, this means that a new certificate is issued, with the same common name / organizational details as the old certificate, but with a new expiration date. There is nothing technically guaranteed to be the same (they could always just generate with a different CN and call it a renewal if they wanted to), but I wouldn't really consider that a renewal. The concept of a renewal is more for discounts or business/customer/sales reasons than anything technical.

Darth Android
  • 38,658
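The point made in the answer above, as an added example that is not part of the original question or answer: a Go program that issues an "old" and a "renewed" certificate and reports which fields are byte-identical. It self-signs for brevity where a real CA would sign with its own key, and the subject, serial numbers, dates and the function names `issue` and `renew` are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue self-signs a one-year certificate (assumption: a real CA signs with its own key).
func issue(key ed25519.PrivateKey, serial int64, year int) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: "www.example.test", Organization: []string{"Example Org"}}, // constructed
		NotBefore:    time.Date(year, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:     time.Date(year+1, 1, 1, 0, 0, 0, 0, time.UTC),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert
}

// renew issues two certificates for one subject and reports which fields are byte-identical.
func renew(reuseKey bool) map[string]bool {
	_, oldKey, _ := ed25519.GenerateKey(rand.Reader)
	newKey := oldKey
	if !reuseKey {
		_, newKey, _ = ed25519.GenerateKey(rand.Reader)
	}
	a, b := issue(oldKey, 1001, 2024), issue(newKey, 2002, 2025)
	return map[string]bool{
		"subject":   bytes.Equal(a.RawSubject, b.RawSubject),
		"publicKey": bytes.Equal(a.RawSubjectPublicKeyInfo, b.RawSubjectPublicKeyInfo),
		"serial":    a.SerialNumber.Cmp(b.SerialNumber) == 0,
		"notAfter":  a.NotAfter.Equal(b.NotAfter),
	}
}

func main() {
	fmt.Println("same key pair:", renew(true))
	fmt.Println("new key pair: ", renew(false))
}
```

In both runs the subject matches while the serial number and expiration date differ; the public key matches only when the key pair is reused.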