New root CA with same private key

carlos soto 0 Reputation points
2023-01-19T13:28:20.37+00:00

Hi

Our Windows root CA certificate is about to expire. If I renew the root certificate with the same key, will the old root CA stop working, or will they both work until the old one expires?

If I create a new root CA with a new private key, will all certificates that were created before stop working after the old root certificate expires?

Thanks for the help

BR
Carlos


2 answers

  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2023-01-19T14:24:50.53+00:00

    Hi

    If you keep the same public and private key, all certificates created before will continue working.

    You have to select No for "generate new public and private key", as mentioned below, to keep existing certificates working:

    117820-ca2.png

    For more details I invite you to read the following link: Renewal with existing key pair

    Please don't forget to mark helpful answer as accepted


  2. Limitless Technology 44,766 Reputation points
    2023-01-20T16:10:08.5333333+00:00

    Hello there,

    When you renew the CA certificate with the existing key pair, nothing important in the certificate is changed. The certificate will contain the same public and private keys. As a result, all previously issued certificates will chain up to a new CA cert without any changes. You just replace the old CRT file in AIA download locations.

    Technically a root CA certificate cannot be renewed once expired. We can only generate a new CA certificate but when created using the existing key, it can be used to sign existing server certificates.

    Root CA certificate renewal: https://social.technet.microsoft.com/wiki/contents/articles/2016.root-ca-certificate-renewal.aspx

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer–


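The two cases raised in the question can be reproduced offline. This is an added example, not part of the original thread: it uses the OpenSSL command line instead of the Windows CA tooling, and every file name, subject and lifetime in it is constructed for illustration. It issues a leaf certificate under a root, then checks that leaf against the original root, a root renewed with the same key pair, and a root created with a new key pair.

```shell
#!/bin/sh
# Added demo with constructed names, subjects and lifetimes (not from the thread).
set -eu
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT; cd "$work"
subj="/CN=Demo Root CA"

# 1. Original root CA and a leaf certificate issued under it.
openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key \
    -out root_old.crt -subj "$subj" -days 30 2>/dev/null
openssl req -newkey rsa:2048 -nodes -keyout leaf.key \
    -out leaf.csr -subj "/CN=server.example.test" 2>/dev/null
openssl x509 -req -in leaf.csr -CA root_old.crt -CAkey root.key \
    -CAcreateserial -out leaf.crt -days 20 2>/dev/null

# 2. Renewal with the existing key pair: same subject and key, new validity.
openssl req -x509 -new -key root.key -out root_renewed.crt \
    -subj "$subj" -days 3650 2>/dev/null

# 3. Replacement root: same subject, but a newly generated key pair.
openssl req -x509 -newkey rsa:2048 -nodes -keyout root_new.key \
    -out root_new.crt -subj "$subj" -days 3650 2>/dev/null

# Succeeds (exit 0) if leaf.crt chains to the given root certificate.
verifies_against() {
    openssl verify -CAfile "$1" leaf.crt >/dev/null 2>&1
}

# Prints a SHA-256 digest of the certificate's public key.
pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256
}

for root in root_old.crt root_renewed.crt root_new.crt; do
    if verifies_against "$root"; then
        echo "$root: leaf verifies"
    else
        echo "$root: leaf does NOT verify"
    fi
done
```

The leaf verifies against both the original and the renewed root because its signature is checked with the root's public key, which is unchanged. It does not verify against the root with the new key pair, so certificates issued under the old key chain only to a root certificate that carries that key.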