Currently, when 'getcert resubmit' is invoked, we force generation of a new CSR with possibly-changed request contents, but we don't have a way to force generation of a new key. For cases where a key has been compromised or is being retired, we should.
Metadata Update from @nalin:
- Issue set to the milestone: 0.78
to comment on this ticket.