Hacker News new | ask | show | jobs
by rwg 4449 days ago
All reasonable certificate authorities will — at no cost — revoke your existing certificate and issue you a new certificate with the same expiration date as your old certificate. You'd just need to send the CA a new certificate signing request created from a newly-generated RSA key pair.

If your CA wants you to buy a new certificate to recover from a key compromise, your CA is taking you for a ride, and you should find a less horrible CA to throw your money at.
1 comments
0x0 4449 days ago
I think startssl requires $$$$ to revoke and/or reissue those "free" certs before they expire :-/
link
StefanWallin 4448 days ago
Is there another good CA that doesn't charge $$$ for both issuing and revocations?
link
0x0 4448 days ago
I just got a revocation request accepted with no charge there.
link