Skip to main content

Reissue your client certificate

Use these instructions to reissue your the following certificates: Premium, Email Security Plus, Digital Signature Plus, Class 1 S/MIME, or Authentication Plus.

Warning

Before reissuing a Premium, Email Security Plus, Digital Signature Plus, and Class 1 S/MIME certificate that uses the deprecated Legacy profile

On July 10, 2025, DigiCert deprecated the Legacy profile used by DigiCert's old S/MIME products. When reissuing one of these older products, we reissue them using the Multipurpose profile.

The Legacy profile’s maximum validity is 1184 days, whereas the Multipurpose profile's maximum validity is 824 days. If reissuing a certificate with a remaining validity greater than 824 days, we truncate the validity on your reissue to 824 days without a refund.

End of life for old S/MIME products in CertCentral

On July 10, 2025, DigiCert deprecated our old S/MIME products in CertCentral: Premium, Email Security Plus, Digital Signature Plus, and Class 1 S/MIME. We replaced these products with our new Secure Email Certificates.

To learn more about the deprecation of DigiCert’s old S/MIME products, see the Old S/MIME products section of our Secure Email products article.

Before you begin

If organization policy requires you to include a certificate signing request (CSR) with your client certificate order, generate your CSR. Learn how to Create a CSR (certificate signing request).

Reissue a Premium client certificate

These instructions apply to reissuing a Premium certificate. Differences for other client certificate types are noted.

  1. In your CertCentral account, in the sidebar menu, select Certificates > Orders.

  2. On the Orders page, in the Order # column, select the certificate's order number link.

  3. On the Order # details page, the Certificate actions dropdown, select Reissue certificate.

  4. On the Reissue certificate for order page, under Recipient details, verify that the following information is correct.

    1. Recipient name (Common Name) Recipient's name as you want it to appear on the certificate.

      If you’re using a CSR, enter a fully qualified domain name (for example, www.example.com).

    2. Recipient Email The email address that you want to appear on the certificate. Separate multiple email addresses with commas.

      The first email address listed is used to send the recipient an email so they can generate their client certificate.

  5. If you’re using a CSR to create your certificate, upload or enter your CSR in the Recipient CSR box. We use the public key embedded in the CSR to create your client certificate. All other fields in the CSR are ignored.

    Note

    Your CSR must include the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags.

  6. In the Signature hash dropdown, select a signature hash.

  7. In the Reason for reissue box, specify a reason for the certificate reissue.

  8. Select Request reissue.

What's next

CertCentral takes you to the certificate’s Order # details page where you can see the status of the email address verifications.

We send an email to each address listed in the certificate. The email includes a link so the recipient can validate that they own that email address. If the certificate recipient loses a validation email, you can resend it. See How to resend an email validation for DigiCert "client certificate" email.

After all email addresses are validated, an email is sent to the first email address on the list so the recipient can create their client certificate.

Note

If you submitted a CSR, the client certificate will be attached to the final email.

In this section: