Renew a personal certificate based on CSR
In order to renew a personal certificate based on CSR, you should submit a new CSR signed by your old, still active certificate! The new DN requested in the CSR must be the same as in the old certificate!
To sign a new CSR by your old certificate, you can use the following OpenSSL command:
openssl smime -sign -in your_new_csr.pem -out new_csr.signed -signer your_valid_certificate.pem -inkey private.key -text
The request should include a properly formatted DN (C=PL, O=GRID, O=...)