Replace a certificate

Certificate replacement allows you to replace your third-party certificate automatically or manually with a DigiCert certificate.

You can also replace your certificate when:

• You lost the private key of your certificate and want to get new keys.
• You want to change or add SANs to your certificate.
• You want to fix any compliance issues associated with the certificate.

You can either replace a certificate manual or setup automation for it to be configured automatically.

To see available certificate actions, go to Discovery > View Results page.

The auto-replace feature has been integrated with automation service, which in turn checks whether there are any automation setups available for matching IP/Port or certificate and automatically replaces them.

To submit an auto-replace request:

1. Identify the certificate or endpoint that you want to replace.
2. From the actions dropdown, select either “Reissue" or "Replace with DigiCert”.
3. Select the automated replacement option to continue.

For more information on setting up automation, see Set up ACME automation for an endpoint device.

The certificate installation starts immediately. In case, an automation setup is already configured, it will take you to the Manage automation page.

Replace your certificate if it is revoked or missing.

On Automation > Manage profiles page,

1. Find and click the name of the automation profile.
2. Select Auto-renew and install certificate.
3. Enable the Auto-replace this certificate if revoked or missing.
4. Click Save.

Discovery service monitors certificates by doing daily revocation checks. If a revoked certificate is found, this configuration ensures that the revoked is automatically replaced by a new certificate.