Flex certificates: Duplicate an SSL/TLS certificate
OV and EV TLS/SSL certificates include free duplicate certificates. However, when we started offering our flex certificates, we improved the duplicate certificates process. The new process enables you to get the duplicate certificate that fits your needs. To learn more about the benefits of flex certificates, Flex certificates.
Notice
Remember, duplicate certificates require domain and organization validation to be done before you request the certificate. Note that the duplicate certificate process does not include a workflow for validating domains and organizations.
Duplicate certificates to remove domains
With flex certificates, you don’t add domains when duplicating a certificate. Domains are added during the certificate reissue process. Instead, the flex certificate duplication process is used to remove and rearrange the domains included on your duplicate certificate.
For example, let’s say you have a Basic OV TLS certificate with *.example.com for the common name and *.example1.com, app.example3.com, and example2.com as SANs. Since it’s a flex certificate, you can create these duplicate certificates:
Certificate | Common name | SANs |
|---|---|---|
Original | *.example.com | *.example.com *.example1.com app.example3.com example2.com |
Duplicate 1 | *.example1.com | *.example1.com |
Duplicate 2 | app.example3.com | app.example3.com |
Duplicate 3 | example2.com | example2.com app.example3.com |
Reissue to add domains
If you want a duplicate certificate for a domain that's not on the original or reissued certificate, you need to reissue the flex certificate to add the domain—see Reissue an SSL/TLS certificate. After you've added the domain and your certificate has been reissued, create a duplicate certificate that includes that new domain.
Wildcard domain duplicates
With wildcard domains, you're able to secure a domain and all its first-level subdomains.
For example, a Secure Site OV certificate that secures *.example.com also secures add.example.com, my.example.com, app.example.com, and so on. Instead of creating a duplicate certificate for *.example.com, you might want to create individual duplicate certificates for each subdomain covered by *.example.com.
Subdomains included as SANs on the certificate
If the subdomain is already included as a SAN on the original or reissued certificate, create a duplicate certificate and move the subdomain to the common name field. Remove any unneeded SANs and submit your duplicate certificate request.
For example, let’s say you have a Secure Site Pro TLS certificate with *.example for the common name and sub.example.com, add.example.com, and my.example.com included as SANs. You can create a duplicate certificate for sub.example.com one for add.example.com, and another one for my.example.com.
Certificate | Common name | SANs |
|---|---|---|
Original | *.example.com | *.example.com add.example.com sub.example.com my.example.com |
Duplicate 1 | add.example.com | add.example.com |
Duplicate 2 | sub.example.com | sub.example.com |
Duplicate 3 | my.example.com | my.example.com |
Subdomains not included as SANs on certificates
If the subdomain isn't on the original or reissued certificate, you need to reissue the certificate and add the domain to the order—see Reissue an SSL/TLS certificate. After your certificate has been reissued, create a duplicate certificate for the subdomain.
For example, let’s say you have a Secure Site Pro SSL certificate with *.example as the common name. However, you want to get duplicate certificates for sub.example.com, add.example.com, and my.example.com.
To do this, you need to reissue the certificate and add sub.example.com, add.example.com, and my.example.com as SANs to the order. After your certificate is reissued, create duplicate certificates for sub.example.com, add.example.com, and my.example.com.
Certificate | Common name | SANs |
|---|---|---|
Original | *.example.com | *.example.com |
Reissued | *.example.com | *.example.com add.example.com sub.example.com my.example.com |
Duplicate 1 | add.example.com | add.example.com |
Duplicate 2 | sub.example.com | sub.example.com |
Duplicate 3 | my.example.com | my.example.com |