CERTivity offers the possibility to regenerate a Key Pair, more exactly to generate a new Key Pair using part of the information from an existing certificate and key information from a Key Pair.
In order to regenerate a Key Pair, in an opened KeyStore window,
select a Key Pair entry and invoke the contextual menu (usually by
performing a right click on the entry). From the menu that appears, select
Regenerate Key Pair. A
dialog similar to the one from
Generate Key Pair action will
appear which will have some fields pre-filled with the information
obtained from the certificate of the selected Key Pair. The information
which is taken from the certificate is:
Key Algorithm (of the public key);
Key Size (of the public key);
Certificate Signature Algorithm;
Certificate Subject/Issuer distinguished name components (Common Name (CN), Organization Unit (OU), Organization Name (O), Locality Name (L), State Name (ST), Country (C), Email (E)).
If some of the information mentioned above is missing, or can not be
extracted from the certificate, the defaults will be used. For example, if
the key algorithm type can not be parsed, the default selection will be
RSA, or if the Certificate Signature Algorithm can not be
obtained (or is of an unsupported type), the default value will be used
RSA keys, and
DSA keys). Also, the fields
representing the subject distinguished name components will be filled only
if these components are present in the certificate and contain a non empty
The Serial Number field will not be pre-filled with the value from
the certificate from the selected Key Pair, because each certificate must
have a unique serial number. Thus, this has to be provided (or generated
Generate button) by the user.
Also, the new certificate will be valid for the period mentioned in the Validity Period field (which by default is 1 year) and the validity period will start from the moment of generation, regardless of the validity of the initial certificate from which the information is obtained.
The Regenerate Key Pair dialog, allows adding extensions to the certificate as well, but these are not pre-filled with the ones from the initial certificate.
A new alias name for the new Key Pair that will be generated is required. The new Key Pair will not replace the initial one in the KeyStore.
After filling all the required information, press OK. You will be prompted to enter a password for the new Key pair, and the Key Pair will be generated.