SECURING


Key rollover options

When you request a key rollover, select one of the following options in theRequest key rollover field.
OptionDescription
Replace compromised keyUse this option to replace a key and revoke its certificates when a key is compromised. This action revokes all current valid certificates and any expired certificates found in the Archive view.

The only difference from Request new key & revoke existing certificate is that the reason code in the ACME request revoking the certificate is "Compromised key."

Request new keyUse this option to request a new key, for example, to change key strength or key type. This action creates a new key and certificates and moves the original certificates to the Archive view.
Request new key & revoke existing certificateUse this option to replace a key and revoke its certificates when a key is not compromised. This action revokes all current valid certificates and any expired certificates found in the Archive view.

The only difference from Replace compromised key is that the reason code in the ACME request revoking the certificate is "Superceded."

Parent topic: Requesting a key rollover