Re: How to renew a certificate programatically

From: dot (Stephane)
Date: 01/26/04

Date: Mon, 26 Jan 2004 14:01:08 -0800

Thanks again Krish

If i understand well, taking the smardcard example:
- when an admin request the certificate the first time for a user, he has to create a PKCS10 request containing the cert template, and sign it by the enrollment agent to get a PKCS7 request (what i developed),
- when the user certificate is about to expire, he can create a PKCS10 request containing the same cert template, and sign it using his current certificate to get the PKCS7 request.

Is that correct ?
PS : i can't use the xenroll control as i explained in the previous thread...

     ----- Krish Shenoy[MSFT] wrote: -----
     A renewal request is a request for a new certificate signed by the old
     certificate. It may use the same key or create a new key. The certificate
     must be current and valid (not revoked) for a renewal request to be
     A renewal request submitted to an Enterprise CA may refer to a template that
     allows the caller unconditional enroll access to the template, OR to a
     template that allows the caller enroll access to the template only when the
     request is signed by an old certificate with the same subject, that was
     constructed from the same template.
     In the latter case, a registration agent (a human) may be required to obtain
     the initial certificate on behalf of the user after verifying the user's
     identity in person, but auto-enroll can perform the renewal before the old
     certificate expires, without any registration agent or admin involvement.
     This is often how corporate smart cards are managed, for example.
     You can use the RenewalCertificate property in the xenroll interface to
     renew a certificate.
     Krish Shenoy[MSFT]
     This posting is provided "AS IS" with no warranties, and confers no rights.
     "Stephane Vinsot" <stephane (dot) vinsot (at) enatel (dot) com> wrote in
> Hi,
>> I managed to request and get some certificates that i put on my smartcard
     using certificate services controls and APIs.
> What is the difference between certificate request and certificate renewal
     procedure ?
> Should i perform the same operations just keeping the already generated
     keys, or is there a simplified way of renewing ?
>> Thanks a lot