The lifetime of IGCA user certificates and host certificates must be 12 months. User must rekey the related certificate when his or her certificate will expire. After you rekey the user or host certificate, you will own the brand-new certificate and private key. The previous certificate and private key will be revoked and you could not use them anymore.
The circumstances of rekey are as follows:
Case 1: After a certificate is revoked for reasons of key compromise;
Case 2: After a certificate has expired;
Case 3: One month prior to the expiration of the certificate.
Who may request for Rekey ?
A subscriber of IGCA can request for rekey of his/her certificate in the above said circumstances.
For User Cerificate:
Process for requesting rekey ?
Case 1: After a certificate is revoked for reasons of key compromise;
The compromised certificate will be revoked and the subscriber of the certificate should follow the enrollment process again to get a new certificate.
Case 2: After a certificate has expired;
The expired certificate must be revoked and the subscriber of the certificate should follow the enrollment process for requesting new certificate.
Case 3: One month prior to the expiration of the certificate.
- An automated email reminder will be sent to the user for rekey one month prior to the expiration of the certificate.
- Then the subscriber, who has valid certificate, need not fill the application form and need not go through the Face-to-Face meeting with RA until 5 years of initial registration.
- Request for the rekey using the online request form (Click “ ” > “Request a User certificate” ) and send an email along with the SERIAL No. to igca@cdac.in.
Note: The subscriber should use the same email id with which he/she registered with IGCA previously.
- In the email, the subscriber has to mention the current valid certificate serial no. and newly rekey certificate signing request(CSR)/SERIAL no.
- if a subscriber applies to rekey his/her certificate prior to the expiration of previous certificate, CA operator should revoke the previous certificate within 1 week after issuing the new certificate but not after the expiration time of the old certificate.
- IGCA does not permit certificate signing request with the same key as the previous certificate.
For Host Certificate:
Process for requesting rekey ?
Case 1: After a certificate is revoked for reasons of key compromise;
The compromised certificate will be revoked and the subscriber of the certificate should follow the Host Certificate Request process for requesting new certificate.
Case 2: After a certificate has expired;
The expired certificate must be revoked and the subscriber of the certificate should follow the Host Certificate Request process for requesting new certificate.
Case 3: One month prior to the expiration of the certificate.
- An automated email reminder will be sent to the user for re-key one month prior to the expiration of the current certificate.
- Then the subscriber, who has valid certificate, need not fill the application form and need not go through RA for Face-to-Face meeting until 5 years of initial registration.
- Request for the re-key using the Host Certificate Request process. (Click User > “ ” > “Server Certificate Request” ) and send an email along with the SERIAL No. to igca@cdac.in.
Note: The subscriber should use the same email id with which he/she registered with IGCA previously.