
Tutorial: Renew a certificate

This tutorial shows how to use the renewcert.py script to renew certificates.

Certificates expire and must be renewed before expiration to maintain continuous secure access. This renewal script does not alter the CA key; it renews only the CA certificate. When server and client key pairs are renewed, both the key and the certificate are regenerated. Private key generation should only be done by the subject of the certificate. This example assumes you have administrator privileges on all of the subject machines. If the certificate is intended for another individual, that individual should generate their own private key and a certificate signing request, and present only the certificate signing request to the CA, which then generates the certificate.

When a CA certificate is renewed, it must be re-imported to all desired sources.

Optional steps

  • If not yet done, run the Create a CA certificate script that saves settings to CertificateSettings.json.

  • You should have previously established secure connections using the certificates you are renewing.

  1. Navigate to the <faircomInstallationDirectory>/drivers/certificates folder.

  2. At the command prompt, run the python renewcert.py command.

    A numbered list of the directories that contain certificates is displayed.

  3. Enter the number that is displayed to the left of the directory you wish to renew.

    Note

    If only one directory contains certificates, that directory is automatically selected and a notification is displayed.

    You are prompted for the renewal certificate validity duration in months. This is based on the current date.

  4. Enter the desired number of months.

    A summary is displayed of all command-line options and values that will be used when the command to perform this operation is run. You may want to make a copy of this information, so you can repeat this exact run in the future. Only the serial number will be different.

  5. Press Enter to renew the key pair files in the input directory.

    The CA key pair is loaded, the key pair files are renewed and saved, and the resulting output is displayed.

    Note

    The output files listed at the bottom always show the absolute path to the files, even if relative paths were used throughout the program.

  6. Press Enter to exit.
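After a renewal you can confirm the behavior described at the top of this tutorial: the CA certificate is reissued over the same CA key, while a server or client certificate gets a new key. The following is an added example, not part of renewcert.py or the FairCom distribution; it uses the openssl CLI on throwaway certificates it builds itself, and every file name in it is an assumption to be replaced with the files the script reported.

```shell
#!/bin/sh
# Added example: post-renewal checks with the openssl CLI.
# All file names are constructed; substitute the files renewcert.py wrote.

# Print the SHA-256 fingerprint of the public key inside certificate $1.
spki_fingerprint() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if both certificates parse and carry the same public key.
same_key() {
    fp_a=$(spki_fingerprint "$1")
    [ -n "$fp_a" ] && [ "$fp_a" = "$(spki_fingerprint "$2")" ]
}

# Succeed if certificate $1 is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Build throwaway "before" and "after" certificates in directory $1.
make_demo() {
    (
        cd "$1" || exit 1
        newkey() { openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null; }
        newkey ca.key
        # CA: same key, certificate reissued with a longer lifetime.
        openssl req -x509 -new -key ca.key -subj "/CN=Demo CA" -days 30 -out ca_old.crt
        openssl req -x509 -new -key ca.key -subj "/CN=Demo CA" -days 365 -out ca_new.crt
        # Server: a new key AND a new certificate, issued from a CSR.
        for gen in old new; do
            newkey "server_$gen.key"
            openssl req -new -key "server_$gen.key" -subj "/CN=demo-server" -out "server_$gen.csr"
            openssl x509 -req -in "server_$gen.csr" -CA ca_new.crt -CAkey ca.key \
                -CAcreateserial -days 365 -out "server_$gen.crt" 2>/dev/null
        done
    )
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
same_key "$demo_dir/ca_old.crt" "$demo_dir/ca_new.crt" && echo "CA key unchanged"
same_key "$demo_dir/server_old.crt" "$demo_dir/server_new.crt" || echo "server key regenerated"
valid_for_days "$demo_dir/ca_new.crt" 300 && echo "CA certificate valid for 300+ days"
```

To compare against a real renewal, keep a copy of the old certificates before running the script. The renewal prompt takes months, so convert to days when calling `valid_for_days`.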