The only reason to change is if you want to change the algorithm parameters, or an algorithm is no longer supported, or your certificate changes in some way (new SAN maybe). I have been using the same CSR's for years, primarily because it saves a step when generating those LetsEncrypt certs every 90 days....

Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
GIAC Cloud Penetration Tester
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals

On 7/2/2024 10:24 AM, Jon Paris wrote:
Brad,

I was _advised_ to create a new CSR every year for security reasons but told it was not essential as the old CSR would still be valid.

I chose to create a new one.


Jon P.

On Jul 1, 2024, at 5:57 PM, Brad Stone <bvstone@xxxxxxxxx> wrote:

Ah.. if it's a 5 year one then maybe. I know 3-4 years ago, though,
Namecheap said they can still sell 5 year certs, but you still need a new
CSR every year.

On Mon, Jul 1, 2024 at 3:59 PM <joe.holt@xxxxxxxxxxx> wrote:


It surprised me as well. GoDaddy tells you it renewed. You login and
download the new cert file and import it. I do think there is like a 5
year limit on the original CSR but I'm pulling this from old memory.

***
Joe W Holt
Sr Programmer/Engineer
Jack Onofrio Dog Shows, LLC
405.427.8181



From: "Brad Stone" <bvstone@xxxxxxxxx>
To: "Web Enabling the IBM i (AS/400 and iSeries)"
<web400@xxxxxxxxxxxxxxxxxx>
Date: 07/01/2024 03:53 PM
Subject: Re: [WEB400] Digital Certificate Manager renew GoDaddy Cert
Sent by: "WEB400" <web400-bounces@xxxxxxxxxxxxxxxxxx>



I've never gotten a cert without a CSR.. Maybe Godaddy is different. I use
NameCheap.

On Mon, Jul 1, 2024 at 3:49 PM <joe.holt@xxxxxxxxxxx> wrote:


I've renewed the same cert without creating a new CSR for the last 2
years
at least in DCM. You just import the cert as you did the original and it
should work.

***
Joe W Holt
Sr Programmer/Engineer
Jack Onofrio Dog Shows, LLC
405.427.8181



From: "Brad Stone" <bvstone@xxxxxxxxx>
To: "Web Enabling the IBM i (AS/400 and iSeries)"
<web400@xxxxxxxxxxxxxxxxxx>
Date: 07/01/2024 03:37 PM
Subject: Re: [WEB400] Digital Certificate Manager renew GoDaddy
Cert
Sent by: "WEB400" <web400-bounces@xxxxxxxxxxxxxxxxxx>



To renew, you usually do this:

1. In DCM, click renew certificate.
2. DCM generates a CSR
3. You go to the issuer of your cert and renew it, giving them the CSR
that DCM created.
4. Do some validation of ownership of the domain/property.
5. Get the cert from the issuer.
6. Import the cert into DCM.
7. Update any configs/app applications.
8. Restart server(s).



On Mon, Jul 1, 2024 at 1:09 PM Art Tostaine, Jr. <atostaine@xxxxxxxxx>
wrote:

Using systemname:2006/dcm. GoDaddy sent us an email that our
certificate
was renewed. I downloaded 2 CRT files and a PEM.

I thought it would be as easy as finding the certificate and click
renew
and upload a new file. What is the process? When I click renew on the
cert,
it asks if its local or Internet. When I click Internet I'm setting up
a
whole new CA?

Any help/links would be appreciated. I finally found some IBM docs but
it's
for the old CM.




https://www.ibm.com/support/pages/renewing-third-party-ssl-certificate-digital-certificate-manager-dcm

Thanks, Art
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.