Thank you for your patient and kind clarifications. To make sure I learn the concept correctly, please check my following understanding is correct:
(1) RENEW a Secure Email Certificate is NOT simply extending the expiration date while keeping the current Certificate's private and public keys. RENEWing is actually getting a complete new Certificate with its own new pair of private and public keys.
(2) In order to read any old encrypted emails from my archive, I must keep all the expired Certificates otherwise I could not read them even with a current valid Certificate.
(3) However, the recipients of my digital signed emails do not and CANNOT keep any of my expired Certificates because they MUST update the Certificate of my email address in their address book with the most current one sent to them in my digital signed email.
(Q1: Would the IE's or OE's Certificate Manager automatically replace the existing Certificate in the recipient's address book with the new one as soon as he/she open my new incoming email with the new digital signature?)
(4) If I have more than one email accounts and addresses in the Outlook Express, and IE's Certificates Manager is managing all the Certificates for OE. I can have more than one current (not expired) Certificates with each associated with a particular email address. As time goes by, I may have tens or even hundred of Certificates in the IE Certificate Store and the IE Certificates Manager can somehow know which one to use without me to worry about it or remember which one is for what.
(5) Because the way the Standards have been specified (and not a limitation of the implementation), all Secure Email Certificates in the whole world, no matter whose implementations, are NOT renewable in the sense of just extending the expiration date while keeping the original public and private key pair.
(6) Lastly, to "renew" the current Certificate, I need to go back to "Free Secure Email Certificate:", http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html
web page to apply a brand new Certificate independent from the current one but with the same email address registration in both the new and current Certificate
Q2: Am I correct on all the above understandings of the Secure Email Certificates?
If my understanding is correct, let me take the opportunity to say thank you again, my teacher. If I am still not getting it, please bear with me.
If there is a way, please give me more specific step-by-step instructions on
Q3: how can I RENEW my current Secure Email Certificate before its expiration through www.instantssl.com
by extending its expiration date while keeping its original public and private keys?
Moreover, I could not find any topic in the COMODO Knowledge Base talks about the concept. It may be a good idea and beneficial to others to add a topic of what you have just taught me in the Secure Email Certificates Knowledge Base.