![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 43%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
1,923 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hi,
Thank you for posting your query.
Kindly follow the steps provided below to resolve your issue.
Based on my research, there will be some difference when renew CA cert with the new key pair and existing key pair.
When you renew CA certificate with existing key pair, nothing important in certificate is changed. The certificate will contain the same public and private key. As the result all previously issued certificates will chain up to new CA cert without any changes.
When you renew CA certificate with new key pair, previously issued certs by old CA cert will chain up to previous CA cert and newly issued certs will chain up to new CA cert respectively.
For more information, you can refer to the following link: https://www.sysadmins.lv/blog-en/root-ca-certificate-renewal.aspx
This response contains a third-party link. We provide this link for easy reference. Microsoft cannot guarantee the validity of any information and content in this link.
Go to this link for your reference and other troubleshooting procedures https://learn.microsoft.com/answers/questions/394909/if-ent-ca-renew-with-new-key-does-client-know-to-c.html
Do not hesitate to message us if you need further assistance.
If the answer is helpful kindly click "Accept as Answer" and up vote it.