Hello,

I need to update my end entity certificate using a CMP key update request. There are 2 possibilities for the private key to be used - 'existing' or 'new'. RFC 4210 says: "When a key pair is due to expire, the relevant end entity MAY request a key update; that is, it MAY request that the CA issue a new certificate for a new key pair (or, in certain circumstances, a new certificate for the same key pair)."

Q1. Is there any valid use case where I need a new certificate for the same (existing) key pair? Or is it OK if I mandate my application to always use a new key pair?

Q2. In case of end entity certificate update/rekey, is there any policy available for the CA to revoke the old end entity certificate after issuing a new certificate? [provided the old end entity certificate is not yet expired]

Appreciate an early reply.

Regards,
Sanjaya