Skip to content

EasyRSA Renewal

Jump to bottom
TinCanTech edited this page Nov 11, 2024 · 13 revisions

More detailed information: EasyRSA-Renew-and-Revoke.md

> renew Why ?

Because a certificate expired but nothing else changed.

> renew How ?

  1. Upgrade to EasyRSA Version 3.1.1

  2. Use renew <commonName>

    This will leave two certificate for <commonName>.

  3. Use revoke-renewed <commonName> [reason]

    This will leave one renewed certificate for <commonName>.

> revoke-renewed cannot find certificates for <commonName> ?

  • If an earlier version of easyrsa has been used to renew a certificate:

  1. Use rewind-renew <serialNumber>

    This will save the files stored by serialNumber back to files named by <commonName>.

  2. Use revoke-renewed <commonName> [reason]

    This will revoke the old certificate, which has been replaced by a new certificate.

> renew found an old certificate for <commonName> ?

  1. Use revoke-renewed <commonName> [reason]

> Update CRL

See easyrsa help gen-crl

Clone this wiki locally