Replace a certificate from Discovery results

This procedure replaces a third-party or non-DigiCert certificate discovered in the CertCentral Discovery inventory from the Discovery > View Results page, using either an automated path (for endpoints with an existing automation configuration) or a manual path (for endpoints without one).

When to use this procedure

Use this procedure to replace a certificate discovered in the Discovery inventory when:

  • The certificate was issued by a third-party certificate authority

  • The private key has been lost or compromised

  • Subject alternative names (SANs) need to be changed or added

  • The certificate has a compliance issue

  • The certificate has been revoked or is missing

Before you begin

  • Run a Discovery scan to populate the certificate inventory. Certificates must appear in Discovery > View Results before they can be replaced.

  • For automated replacement: at least one automation client (ACME agent or sensor) must be installed, configured, and associated with an automation profile for the target endpoint. See Create and manage automation profiles.

  • For manual replacement: no automation prerequisites are required. A DigiCert certificate order is submitted and managed from CertCentral.

Notice

CertCentral determines the replacement path automatically based on whether an automation configuration exists for the endpoint. If a matching configuration is found, CertCentral routes to the automated path. If no configuration exists, the manual path is used.

Replace the certificate: automated path

Use this path when the endpoint already has an automation configuration in CertCentral.

  1. In the CertCentral main menu, go to Discovery > View Results.

  2. Locate the certificate to replace.

  3. From the Actions dropdown, select Replace with DigiCert.

    CertCentral checks for an existing automation configuration matching the endpoint IP, port, or certificate.

  4. If a matching automation configuration is found, CertCentral routes to the Manage automation page. Certificate installation starts immediately using the configured automation profile.

Replace the certificate: manual path

Use this path when no automation is configured for the endpoint.

  1. In the CertCentral main menu, go to Discovery > View Results.

  2. Locate the certificate to replace.

  3. From the Actions dropdown, select Replace with DigiCert.

  4. Complete the certificate order form.

  5. Submit the certificate order.

DigiCert issues the replacement certificate after domain and organization validation are complete. Install and configure the replacement certificate on the server manually.

The replacement certificate replaces the third-party or non-DigiCert certificate on the endpoint. The Discovery inventory updates on the next scan to reflect the new certificate.
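
To confirm the replacement without waiting for the next scan, you can inspect the certificate the endpoint actually serves. The following is an added example, not DigiCert code or part of CertCentral; the hostnames, serial numbers, and issuer names in the sample data are constructed, and matching the issuer organization on the substring "DigiCert" is an assumption you should adjust to your issuing CA.

```python
import socket
import ssl
import time

def fetch_peercert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate the endpoint serves (getpeercert() dict)."""
    ctx = ssl.create_default_context()  # chain and hostname validation stay enabled
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _rdn_values(name, field):
    """Collect the values of one attribute from an issuer/subject RDN sequence."""
    return [v for rdn in name for (k, v) in rdn if k == field]

def check_replacement(cert, expected_sans, old_serial, issuer_org="DigiCert", now=None):
    """Return a list of findings; an empty list means the replacement is in place."""
    findings = []
    now = time.time() if now is None else now
    orgs = _rdn_values(cert.get("issuer", ()), "organizationName")
    if not any(issuer_org.lower() in o.lower() for o in orgs):
        findings.append(f"issuer organization {orgs} does not match {issuer_org!r}")
    if cert.get("serialNumber", "").upper().lstrip("0") == old_serial.upper().lstrip("0"):
        findings.append("endpoint still serves the old certificate (same serial)")
    served = {v.lower() for (t, v) in cert.get("subjectAltName", ()) if t == "DNS"}
    missing = sorted(s.lower() for s in expected_sans if s.lower() not in served)
    if missing:
        findings.append(f"missing SANs: {missing}")
    if ssl.cert_time_to_seconds(cert["notAfter"]) <= now:
        findings.append("certificate is expired")
    return findings

# Constructed samples in the shape returned by SSLSocket.getpeercert().
SAMPLE_OLD = {
    "issuer": ((("organizationName", "Example Third-Party CA"),),),
    "serialNumber": "0123ABCD", "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "www.example.com"),),
}
SAMPLE_NEW = {
    "issuer": ((("countryName", "US"),), (("organizationName", "DigiCert Inc"),)),
    "serialNumber": "0F00BA47", "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "api.example.com")),
}

if __name__ == "__main__":
    wanted = ["www.example.com", "api.example.com"]
    # For a live endpoint, pass fetch_peercert("host.example.com") instead of a sample.
    print(check_replacement(SAMPLE_OLD, wanted, "0123abcd"))
    print(check_replacement(SAMPLE_NEW, wanted, "0123abcd"))
```
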

What's next

Schedule automation events