The renewal CSR should be created and signed with the existing keyset that corresponds the certificate to be renewed. This keyset is stored in the PEM file created during the initial certificate request generation. To carry out the renewal CSR generation user must remember PEM file password.
To create renewal CSR
- Run OpenSSL command:
openssl req -new -key privkey.pem -out newcsr.csr
- Type the PEM file password when asked.
- Type the information needed to create the request.
Do not delete your old certificate after you install the renewed one. Otherwise, the files which were encrypted with the old certificate would become inaccessible!