Article
· Apr 27, 2016 1m read

Renewing X.509 Certificates, personal experience

Hi,

I'm posting this for the benefit of others. One does not often change certificates in Caché, at least in my case. I run a system that uses certificates to encrypt SOAP messages, and since the last time I ran it, my certificates had expired.

So I renewed them using our PKI tool, so far so good. I gave all (3) certificates the same names (and filenames too) as the expired ones, thinking that everything would just work fine the next time I called the SOAP service.

Unfortunately, I got trapped.

It took me a rather long while to realize that replacing the old files with new ones is not enough. You also need to DELETE and CREATE again all your X.509 Credentials (with the original names) to reflect the changes; otherwise our X.509 credentials still remember the old certificates with the old serial numbers (yes, that's a good indicator of which certificate is active).

Hope this helps others.

 

Dan
