Renew vs. new purchase of SSL wildcard certificate

godaddy ssl-certificate

I have an existing SSL wildcard certificate at GoDaddy that expires in a few months. Traditionally we would renew this certificate and, in doing so, begin the countdown towards the existing certificate becoming invalid (72 hours according to the rep on the phone).

I was told that I could, instead, simply buy a totally new certificate and thereby take my time installing it. The caveat, apparently, is that the purchase has to be coordinated by a support rep so that it doesn't come into the system as a renewal.

Will this approach work? Does someone have experience with this? We use the certificate on a dozen servers across several platforms, so the goal here is simplifying this process as much as possible.

Best Answer

As far as I know, the majority (all maybe?) of the SSL providers do not add the old certificate to a Certificate Revocation List, nor will they respond negatively to an OCSP request, when a certificate renewal is requested. In other words, the current certificate will remain valid and you have until the time it expires to roll out the new certificate, regardless of whether you renew or buy a new certificate.

If you purchase, for instance, a 2-year renewal, typically the new certificate will be valid until old expiry date + 2 years.

If you buy a new certificate valid for two years, it will remain valid until today + 2 years and you'll have less value from the new certificate.
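
One way to track the rollout across the dozen servers from the question, taking the answer's premise that the old certificate stays valid until its own expiry date. This is an added example, not part of the original answer: host names, serials and dates are constructed, and the input is assumed to be the output of `openssl x509 -noout -serial -enddate` collected from each server.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample: per-host output of
#   openssl x509 -noout -serial -enddate
# Host names, serial numbers and dates are made up for illustration.
SAMPLE = {
    "web01.example.com": "serial=0A1B2C3D\nnotAfter=Mar 10 12:00:00 2025 GMT",
    "web02.example.com": "serial=4E5F6071\nnotAfter=Mar 10 12:00:00 2027 GMT",
    "mail.example.com": "serial=0A1B2C3D\nnotAfter=Mar 10 12:00:00 2025 GMT",
}
NEW_SERIAL = "4E5F6071"  # serial of the newly issued certificate (constructed)


def parse_cert_info(text):
    """Return (serial, expiry as aware UTC datetime) from openssl output."""
    fields = dict(line.split("=", 1) for line in text.strip().splitlines())
    # ssl.cert_time_to_seconds parses the "Mon DD HH:MM:SS YYYY GMT" format
    seconds = ssl.cert_time_to_seconds(fields["notAfter"])
    return fields["serial"].upper(), datetime.fromtimestamp(seconds, tz=timezone.utc)


def rollout_status(outputs, new_serial, now):
    """List (host, days_left) for every host not yet serving the new cert.

    days_left counts down to the expiry of the certificate the host still
    serves, which is the real deadline for replacing it.
    """
    pending = []
    for host, text in sorted(outputs.items()):
        serial, expires = parse_cert_info(text)
        if serial != new_serial.upper():
            pending.append((host, (expires - now).days))
    return pending


if __name__ == "__main__":
    today = datetime.now(timezone.utc)
    for host, days_left in rollout_status(SAMPLE, NEW_SERIAL, today):
        state = "EXPIRED" if days_left < 0 else f"{days_left} days left"
        print(f"{host}: still on old certificate ({state})")
```
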