Renewing an existing personal certificate on AIX, Linux, and Windows
A personal certificate has an expiry date, after which the certificate can no longer be used. Follow this procedure to renew a personal certificate before it expires.
You can renew a personal certificate by using the runmqakm (GSKCapiCmd) command.
If you have a requirement to use larger key sizes for your personal certificates, you cannot renew an existing certificate. You must replace your existing key by following the steps described in Requesting a personal certificate on AIX, Linux, and Windows to create a new certificate request that uses the key sizes you require.
Using runmqakm
runmqakm -certreq -recreate -db filename -pw password
-label label -target filename
where:- -db filename
- Specifies the fully qualified file name of the key repository.
- -pw password
- Specifies the password for the key repository.
- -label label
- Specifies the certificate label. The certificate label is case-sensitive.
- -target filename
- Specifies the file name for the certificate request.
What to do next
Submit a certificate request to a CA. When you receive the signed certificate from the CA, add the signed certificate into the key repository. For more information, see Receiving personal certificates into a key repository on AIX, Linux, and Windows.