The Certificates snap-in enables you to renew a certificate issued from a Windows-based enterprise certification authority (CA) before or after the end of its validity period by using the Certificate Renewal Wizard.

About certificate validity

Every certificate has a validity period. After the end of the validity period, the certificate is no longer considered an acceptable or usable credential.

You can renew the certificate either with the same key set that you used before or with a new key set.

Before you renew a certificate, you must know the issuing CA. Optionally, if you want a new public key and private key pair for the certificate, you must know the cryptographic service provider (CSP) that should be used to generate the key pair.

For more information, see Renew a Certificate with a New Key and Renew a Certificate with the Same Key.

In addition, you can renew certificates issued from both enterprise CAs and stand-alone CAs with the CA Web enrollment pages by pasting the contents of a PKCS #7 file. For more information, see Request a Certificate by Using a PKCS #10 or PKCS #7 File.