[AIX, Linux, Windows]

Renewing an existing personal certificate on AIX, Linux, and Windows

A personal certificate has an expiry date, after which the certificate can no longer be used. Follow this procedure to renew a personal certificate before it expires.

You can renew a personal certificate by using the runmqakm (GSKCapiCmd) command.

If you have a requirement to use larger key sizes for your personal certificates, you cannot renew an existing certificate. You must replace your existing key by following the steps described in Requesting a personal certificate on AIX, Linux, and Windows to create a new certificate request that uses the key sizes you require.

Using runmqakm

Issue the following command to create a certificate request to renew a personal certificate with the runmqakm command:
runmqakm -certreq -recreate -db filename -pw password
         -label label -target filename
where:
-db filename
Specifies the fully qualified file name of the key repository.
-pw password
Specifies the password for the key repository.
-label label
Specifies the certificate label. The certificate label is case-sensitive.
-target filename
Specifies the file name for the certificate request.

What to do next

Submit a certificate request to a CA. When you receive the signed certificate from the CA, add the signed certificate into the key repository. For more information, see Receiving personal certificates into a key repository on AIX, Linux, and Windows.