i am wondering how the certificate renewal works and what is best practise. Let's imagine that i have a device which has private key and certificate (public key) signed by CA. Once the renewal of the certificate is needed, does the device just generates a new pair of private and public key and send a new CSR to CA or does this CSR require also public key of the certificate that is going to be changed?
The use case is not to use the old pair of private and public key but to always use new pair of private and public key. The question is if this new public key signed by private key and send by CSR has to be signed by the old private key also as an additional level of authentication of the device.
Thanks a lot for your answers.
I am trying to find the answer on the Google but haven't found exact answer yet. I am still googling but i would like to increase my chance to get some answers or opinions on this topic.