Renew

CA certificates are fundamental to public key infrastructure (PKI) systems. When the CA certificate approaches its expiration date, it is crucial to renew it to maintain the integrity of encrypted communications and the security of the entire ecosystem relying on it.

If you want to extend the validity of the current CA using same private key, you can renew it within the existing PKI inventory.
Note: Renewal action is applicable only for certificates issued by AVX Native CA.
Before starting the renewal process, ensure that you:
  • Check the expiration date of the existing CA certificate.
  • Identify all dependent systems, certificates, and services relying on the CA to be renewed.
  • Review the signature algorithms and the certificate policies to ensure they adhere to the current security standards.

To renew CA:

  1. Go to (Menu) icon > PKI+ > CA Inventory.
    The CA Inventory page appears.
  2. Select the check box against the CA Name you want to renew.
  3. Click Actions and select Renew from the dropdown menu.
    The Renew CA page is displayed.
    Note: All fields are read-only except for Template, Valid for, Configure CA Subject DN Detail, and Key Size and Algorithm.
  4. Enter the renewal period in the Valid for field.
  5. Modify the Key Size and Algorithm, if required.
  6. Click Renew.
    A Confirm CA Renewal pop-up window with the message, CA certificate will be replaced all references to the previous, with the newly renewed CA certificate in auto-enrollment, policy and enrollment pages, is displayed.
  7. Click Proceed to confirm the changes.
    The custodians receive an email with the subject line, PKIaaS CA Management: CA renewal, in their inbox. Approval can be done either via email or by clicking the (Notification Center) on the top right-hand-corner of the page.

    Once the necessary custodian approvals are completed, the Approval Status changes from Renewal - Approval Pending to Renewal Approved.

What to do next:
  • You can enroll certifications by referring to the steps detailed in the Section, Adding/Enrolling Certificate.
  • You can click the View Certificate () icon and click the Common Name to access the holistic view and download the certificate.
  • You can view the audit log.