From RFC 3647: Internet X.509 Public Key Infrastructure -- Certificate Policy and Certification Practices Framework:
4.4.6. Certificate Renewal
This subcomponent is used to describe the following elements related to certificate renewal. Certificate renewal means the issuance of a new certificate to the subscriber without changing the subscriber or other participant's public key or any other information in the certificate:
- Circumstances under which certificate renewal takes place, such as where the certificate life has expired, but the policy permits the same key pair to be reused;
Which contradicts itself in that it initially states that during renewal you cannot change the public key or any other information in the certificate, but then goes on to say that a renewal can take place where the certificate life has expired.
and...
4.4.7. Certificate Re-key
This subcomponent is used to describe the following elements related to a subscriber or other participant generating a new key pair and applying for the issuance of a new certificate that certifies the new public key:
- Circumstances under which certificate re-key can or must take place, such as after a certificate is revoked for reasons of key compromise or after a certificate has expired and the usage period of the key pair has also expired;
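
As an added illustration (not part of the original post or of RFC 3647), the following Go program tells the two quoted cases apart for a certificate and its replacement by comparing the subject and the SubjectPublicKeyInfo. It assumes that the validity dates and serial number are expected to differ in any newly issued certificate; the names `issue`, `Classify`, `Demo` and the subject `subscriber.example` are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue self-signs a one-year certificate; subject, serial and dates are constructed sample values.
func issue(key ed25519.PrivateKey, serial int64, year int) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial),
		Subject:   pkix.Name{CommonName: "subscriber.example"},
		NotBefore: time.Date(year, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:  time.Date(year+1, 1, 1, 0, 0, 0, 0, time.UTC)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// Classify labels a replacement certificate; validity and serial are assumed free to differ.
func Classify(old, repl *x509.Certificate) string {
	switch {
	case !bytes.Equal(old.RawSubject, repl.RawSubject):
		return "different subject" // not the same subscriber, so neither case applies
	case bytes.Equal(old.RawSubjectPublicKeyInfo, repl.RawSubjectPublicKeyInfo):
		return "renewal" // the same public key is certified again
	}
	return "re-key" // a new public key is certified
}

// Demo classifies a same-key and a new-key replacement of one constructed certificate.
func Demo() (string, string) {
	_, k1, _ := ed25519.GenerateKey(rand.Reader)
	_, k2, _ := ed25519.GenerateKey(rand.Reader)
	old := issue(k1, 1, 2024)
	return Classify(old, issue(k1, 2, 2025)), Classify(old, issue(k2, 3, 2025))
}
func main() { fmt.Println(Demo()) }
```
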