Renewing a certificate manually¶
Follow these steps to manually renew a certificate.
- Sign in to Venafi Control Plane.
- Click Inventory > Certificates.
- Find the certificate you want to renew, and then click the checkbox next to it.
-
In the local menu bar, click Renew.
After clicking Renew, you'll see either the Renew Certificate modal or the Certificate Request wizard. Click the section below based on what you see.
What controls which renewal option is shown?
TLS Protect Cloud presents the Renew Certificate modal when the certificate meets the following criteria:
- It was issued using Automated Secure Keypair
- It is assigned to just one application
- The certificate data still complies with the certificate issuing template
If any of these aren't met, then the Certificate Request wizard opens instead.
Will my tags be saved when I renew?
Yes. Important metadata about the certificate, including tags, is maintained when you renew an existing certificate.
If you see the Renew Certificate modal
To simply renew a certificate using the same properties, select No, just renew it, and then click Continue.
Validity period
This renewal option renews the certificate using the default (maximum allowed) validity period for the selected use case (issuing template).
For instance, if the issuing template has a maximum validity period of one year, but you overrode that default validity period when you created the original certificate and chose a shorter validity period, the renewed certificate will use the one-year validity period set by the template.
If you want to make changes to the certificate, select Yes, I want to make changes, and then click Continue. This opens the Certificate Requests wizard. Click the drop-down below for more instructions.
If you see the Certificate Request wizard
The information from the certificate you're renewing will be pre-populated as you walk through these steps.
On the Certificate Request screen, do the following:
- From the Application drop-down, select which TLS Protect Cloud application this certificate should be assigned to. After you select an application, its associated Issuing templates are listed.
- Select an Issuing template.
- (Optiona) Select or create tags to add to the certificate metadata.
- Click Continue.
- In the Complete request screen, select the Request method, and then complete the fields as necessary.
- Click Finish.
Viewing requests and new certificates¶
After submitting, you will be able to see your request on the certificate request list by clicking Inventory > Certificate requests. If the request has an Issued status, you can click the Common Name of the certificate. On the slide-out panel, click View Certificate.
If you renewed the certificate using the No, just renew it option, you will be able to view the previous version of the certificate in the Previous Versions tab.
If you renewed using the wizard, you will see both your new certificate and your old certificate in the inventory by clicking Inventory > Certificates.
What's next¶
You can assign your certificate to an application or a machine.
Your new certificate can also be downloaded and installed.
If your old certificate is no longer needed, you can retire it.