SSL Certificate, RENEW = Buy a Whole New one?

[Myke]

I've got a geotrust ssl certificate and the 1st year is up. Theyre telling me I need to renew it, so I click the link and i pretty much have to buy a whole new one, generate the CSR, install the thing.

do all companies make you install a new one every time you need to renew?

[Kakki]

I have three Security certs. One I purchased from thawte for my unix server using apache. Because of this factor, when I went to renew I had the option of buying a new one or renewing the old. It was easy...and expensive.

My other two certs are from geotrust. THey haven't come up for renewal yet so I have no idea if they will allow me the option of renewal or will force me to generate new key or not. Might depend on the company. Might depend on the kind of server. DId you check through their FAQ or do a search for renewal SSL certs on their website? Might be an answer in there somewhere?

[billiousness]

I just did a whole heap of InstantSSL renewals and had to go through the pain of gettinng a new CSR for each account. It takes up time but is obviously worth the effort.

[beley]

Yeah, that's why from now on when my SSL certificates renew I'm going to spring for 2 or 3 years at a time... save some of the headache!

[freakysid]

Yes you need to install a new cert when you renew - because the cert details including the expiry date are encrypted in the .crt file.

FYI - even the intermediate certificates installed on the server have expiry dates. I had to just update the Verisign one on one of my servers - it now expires in 2011.