Certificate auto-renewal
The certificate auto-renewal feature allows you to manage your certificates by allowing the system to automatically renew your certificate before your current certificate expires. This is feature was recently added, which means that you may have existing certificate profiles that do not have auto-renewal enabled.
When certificate auto-renewal is enabled:
Your private certificates will auto-renew 6 hours before the certificate expires.
Your public certificates will auto-renew 14 days before the certificate expires because it requires a compliance review before the certificate can be issued.
Enable auto-renewal
This feature allows you to better manage your certificates by allowing the system to automatically renew your certificate before your current certificate expires. This is feature was recently added, which means that you may have existing certificate profiles that do not have auto-renewal enabled.
To enable auto-renewal on an existing certificate profile:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Certificates > Certificate profiles.
Click on the certificate profile alias.
Click edit icon.
Complete these fields:
Field | Description |
|---|---|
Auto-renew | Select Yes if you want all certificates created using this certificate profile to automatically renew before they expire. |
Select No if you do not want any certificates created using this certificate profile to auto-renew. | |
Select Choose during certificate generation if you are unsure or want the option to choose when you create a certificate using this certificate profile. | |
Auto-renew scope | Select Apply to new certificates only if you only want the auto-renewal settings you have selected to apply to future certificates. |
Select Apply to new and existing certificates if you want the auto-renewal settings you have selected to apply future certificates and all certificates you have already created using this certificate profile. |
Once these fields are completed, some optional fields will become available:
Field | Description |
|---|---|
Signature algorithm | Choose the signature algorithm of the identity certificate. You can choose "match_issuer," meaning it will match the algorithm of the issuing CA, or you can choose a specific algorithm. |
Organization unit | Enter an organization unit to be displayed in your certificate details. |
Validity duration unit | Can be days or years. This can be limited based on the template you use. |
Validity duration value | The number of duration units the certificates created using this profile will be valid. For example, if you enter "days" for Validity duration units and enter "7" for Validity duration value, certificates using this profile will be valid for 7 days. Again, this can be limited based on the template you use. |
Key usages: additional usages for RSA | Choose whether certificates using this profile can be used for digital signature, non-repudiation, or key encipherment. |
Key usages: additional usages for ECDSA | Choose whether certificates using this profile can be used for digital signature or non-repudiation. |
Key usages: additional usages | Choose whether certificates using this profile can be used for code signing or client authentication. |
Nota
You can also set default values for these fields, which will determine the automatic settings for a certificate that uses the profile you create.
Change the auto-renewal setting for one certificate:
Sign in to DigiCert ONE.
Navigate to the Manager menu (top right) > Software Trust.
Select Certificates.
Click on the certificate alias.
Click edit icon.
Select Yes (to enable) or No (to disable) under the Auto-renew section.
Select Update.
Nota
If the above options are not available to you, confirm that your certificate profile meets the prerequisites to make this change.