Certificate renewal means the issuance of a new certificate containing the same public key as an already issued certificate. Note that certificate renewal does not mean issuing a new certificate with the same certificate serial number or that the CA has access to the end entity's private key.

To renew a certificate, do the following:

  1. In the EJBCA RA Web, click Search-> End Entities and find the end entity in question.
  2. Set status to NEW.
  3. Have the end entity create a new certificate request (CSR), using the same public key as the first certificate.
  4. Send the new certificate request to the CA (the same way you did when getting the first certificate).
  5. Get the certificate back.

Since the CA has all public keys of the end entities, as they are in the certificates that the CA stores, this process can be automated. How to automate the process is more advanced and can be done in many ways, suitable for different workflows, and is not described here.