Does it hurt to have unused valid certs?


#1

Windows Server 2016 IIS 10

We had some patching issues and had to roll back the server configuration to an earlier state. I had just renewed our website cert a week earlier. Since the registry and other config files were reverted, my automated cert checker task fired off and went out and renewed the (previously) expired certificate which had been reloaded.

So at this point the server is working fine, the new cert is working fine, and everything is happy. But I’m wondering about the still-valid cert from a week earlier. Can that pose a security risk? Do I need to issue a revocation for that, or can I ignore it and just let it expire normally?


#2

If the server was compromised, you ought to revoke the affected certificates.

If it’s safe, you can just ignore it. It won’t do any harm.