James,

> I generated a new csr from the private key:
> 
> openssl req -new -key 2016002C.key -out 2016002C_20240507.csr

No, you regenerated the same CSR from the same private key.

> When I paste the entire .csr into openxpki webui I get this error:
> 
> 
> The uploaded key was found to be used already by another certificate request
> but it is not allowed to certify the same key twice.
> 
> 1.  What uploaded key does this message refer to?

To the public key in the (same) CSR you used before.

> 
> 2.  What specific series of events causes this message to be issued?

The PKI design decision we implemented in OpenXPKI in order to prevent exactly 
this.

> 3.  What am I misapprehending with respect to issuing certificates for
> existing hosts?

One of the reasons for having a NotAfter date in an X.509 Certificate is to 
limit exposure and active use of the associated private key.

By default, OpenXPKI enforces this idea by not allowing reuse of the same 
private key for newly issued certificates. This is a good idea, but you can, of 
course, disable that if you so choose.

Cheers

Martin




_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
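
An added illustration, not part of the original thread and not OpenXPKI code: the script below repeats the `openssl req -new -key` step on one key, then on a freshly generated key, and compares the public key carried in each CSR. Comparing SHA-256 fingerprints is only a stand-in for a key-reuse check, and the file names, CN values and helper functions are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example. All keys are throwaway and created in a temp dir;
# file names and CN values are placeholders, not values from the thread.
set -eu

# SHA-256 of the DER-encoded public key carried inside a CSR.
csr_pubkey_fp() {
    openssl req -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# make_csr KEY CN OUT: the same "openssl req -new -key" step as in the thread.
make_csr() {
    openssl req -new -key "$1" -subj "/CN=$2" -out "$3" 2>/dev/null
}

# new_key OUT: generate a fresh RSA key pair (rekeying the host).
new_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
}

# key_reused CSR_A CSR_B: succeeds when both CSRs carry the same public key.
key_reused() {
    [ "$(csr_pubkey_fp "$1")" = "$(csr_pubkey_fp "$2")" ]
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

new_key  "$work/old.key"
make_csr "$work/old.key" host.example.test     "$work/first.csr"
# A new CSR file, even with a different subject, still carries the old key.
make_csr "$work/old.key" host-new.example.test "$work/again.csr"

new_key  "$work/new.key"
make_csr "$work/new.key" host.example.test     "$work/rekeyed.csr"

for csr in first again rekeyed; do
    printf '%-8s %s\n' "$csr" "$(csr_pubkey_fp "$work/$csr.csr")"
done

if key_reused "$work/first.csr" "$work/again.csr"; then
    echo "again.csr: same public key as first.csr (a key-reuse check would match)"
fi
if ! key_reused "$work/first.csr" "$work/rekeyed.csr"; then
    echo "rekeyed.csr: new public key"
fi
```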
