Renew a Certificate with the Same Key

Renewing a certificate with the same key provides maximum compatibility with past uses of the accompanying key pair, but it does not enhance the security of the certificate and key pair.

Users or local Administrators is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.

To renew a certificate with the same key

1. Open the Certificates snap-in for a user, computer, or service.

2. In the console tree, expand the Personal store, and click Certificates.

3. In the details pane, select the certificate that you are renewing.

4. On the Action menu, point to All Tasks, point to Advanced Operations, and then click Renew this certificate with the same key to start the Certificate Renewal Wizard.

5. If more than one certificate is listed in the Request Certificates window, select the certificate that you want to renew. Do one of the following:

   • Use the default values to renew the certificate.
     
     
   • Click Details, and then click Properties to provide your own certificate renewal settings. You need to know the certification authority (CA) issuing the certificate.
     
     

6. Click Enroll. After the Certificate Renewal Wizard has successfully finished, click Finish.

Additional considerations

• User certificates can be managed by the user or by an administrator. Certificates issued to a computer or service can only be managed by an administrator or user who has been given the appropriate permissions.
  
  
• To open the Certificates snap-in, see Add the Certificates Snap-in to an MMC.
  
  
• Once renewed, the old certificate will be archived.
  
  
• You can use this procedure to request certificates from an enterprise CA only. To request certificates from a stand-alone CA, you need to request certificates by using Web pages. The Web pages for a Windows-based CA are located at http://servername/certsrv, where servername is the name of the server that hosts the CA.