I need to create a new certificate for an internal server. It is self signed. Is there an easy way to just extend the expiration date of the current certificate? If not, can I reuse the current key, or do I need to generate a new one? I'll be using Java keytool.
All info I can find online it looks like I need to create a new keystore, but I'd rather skip that step if possible just to keep things simple.
No, there is no way to extend the expiration date of a certificate.
Yes, you can create a new certificate with a different expiration date that reuses the same public/private keypair.
If you want the private key and certificate combined in a single unit, you'll have to combine the private key with the new certificate.
It doesn't really matter what the key is, as long as it's signed by your certificate authority. Also, it's the CA that decides what the expiration date of the certificate is. Basically, run the self-signing procedure again, using either the same or a different certificate signing request. When acting as the CA, pick whatever expiration date you want.
