How to Renew an Expired or Soon to Be Expired Personal Certificate

fox-mascot

In a post published a few months ago, I described how to create a free personal certificate using CAcert.org. Owning a personal certificate is a good thing — it allows you to digitally sign emails, documents, software or any other kind of data while proving that it is in fact you who does the signing. But such a certificate is valid only for six months.

Expiration Notice

CAcert.org sends you an expiration notice 30 days and 15 days before your personal certificate is set to expire.

This gives you ample time to log in to your CAcert.org account, renew your certificate and revoke the old certificate.

Renew and Revoke Online

You can use your old certificate to log into your CAcert.org account. Here is the certificate login link.

Once you are logged in, click Client Certificates > View in the right pane of the window.

CAcert Client Certificates

CAcert Client Certificates

Then select the expired or soon to be expired personal certificate and click on the Renew button.

You might also want to disable the old certificate’s login capability. To do this, untick the Login box next to the certificate and click on the Change settings button.

By allowing a certificate login, that certificate can be used to log in into your CAcert.org account via a secure https link.

Renew the Certificate Locally

However, it is not enough to renew your certificate at the certificate authority’s website. You also need to update your certificate locally, on your own computer.

To install or download your new CAcert certificate, simply click on the underlined email address of the certificate you have just renewed.

This will take you to the certificate’s information page.

install-certificate

Install your certificate

Here you can install your new certificate to your browser. Or you can download the certificate in PEM or DER format to your hard drive.

I usually install the new certificate via Mozilla Firefox, then export it to a PKCS #12 (Personal Information Exchange) file, and then import this file to Windows’ native certificate store.

I already described the details of this process earlier here.

Important Note

It is important to remember that all data, such as emails or documents, signed and encrypted with an old (already revoked) certificate will still require that old certificate to be located on your computer in order to make the encrypted data readable to you.

Liked this post?

Subscribe to our newsletter to receive early notification of new posts and deals:

Next Post »« Previous Post

Leave a Reply

Your email address will not be published. Required fields are marked *