Renewing a self-signed certificate

If a self-signed certificate is about to expire, it is possible to renew it. You do not have to create a new certificate.

  1. List the certificates in the keystore and use the label "cert1" of the personal certificate to get detailed information on this certificate. The value of "Not After:" shows the certificate's expiration date. 
    
gsk8capicmd_64 -cert -list -db ssign.p12 -stashed
Certificates found

        default, - personal, ! trusted, # secret key
        -       cert1
gsk8capicmd_64 -cert -details -db ssign.p12 -stashed -lable cert1
Label : cert1
Key Size : 2048
Version : X509 V3
Serial : 450dfa054a483e88
Issuer : CN=domain,O=you,C=US
Subject : CN=domain,O=you,C=US
Not Before : September 28, 2022 5:00:27 PM CDT

Not After : September 30, 2022 5:00:27 PM CDT
  2. Renew the certificate for a period of one year: 
    gsk8capicmd_64 -certreq -recreate -db ssign.p12 -stashed -label cert1 -target ssign.csr
gsk8capicmd_64 -cert -sign -db ssign.p12 -stashed -label cert1 -file ssign.csr -target ssign.pem -expire 360
gsk8capicmd_64 -cert -receive -db ssign.p12 -stashed -file ssign.pem
gsk8capicmd_64 -cert -details -db ssign.p12 -stashed -label cert1 

Label : cert1
Key Size : 2048
Version : X509 V3
Serial : 6c240165e3561ddb
Issuer : CN=domain,O=you,C=US
Subject : CN=domain,O=you,C=US
Not Before : September 28, 2022 5:09:12 PM CDT

Not After : September 24, 2023 5:09:12 PM CDT