Skip to main content

Renew your client certificate

Use these steps to renew your Authentication Plus and client certificate orders.

End of life for old S/MIME products in CertCentral

On July 10, 2025, DigiCert deprecated the old S/MIME products: Premium, Email Security Plus, Digital Signature Plus, and Class 1 S/MIME. These are replaced by Secure Email Certificates. See Secure Email products. If you have existing orders for these products, see Reissue your client certificate for deprecation impact on reissues.

Before you begin

If organization policy requires you to include a CSR with your client certificate renewal, create your CSR before proceeding. See How to create a CSR (Certificate Signing Request) and Generate a certificate signing request (CSR).

Renew client certificate

  1. In the CertCentral main menu, go to Certificates > Orders.

  2. On the Orders page, in the Order # column, select the certificate's order number link.

  3. On the Order # details page, the Certificate actions dropdown, select Renew certificate.

  4. On the Renew client certificate page, under Certificate settings, provide the certificate details for your renewal:

    1. Organization

      In the dropdown, select the organization you are requesting the Client certificate for. Only prevalidated organizations appear in the dropdown. If you can't find the organization you are looking for, contact your manager.

      Note: The organization name appears on your client certificate.

    2. Organization unit

      Adding an organization unit is not required; you can leave this box blank.

      If you want to designate the organization unit the certificate will be used for, in the box, enter the organization unit name.

    3. Signature hash

      In the dropdown, select a signature hash.

    4. Validity period

      Select a validity period for the certificate: 1 year, 2 years, 3 years, custom expiration date, or custom length.

  5. Under Order options, in the Automatic renewal dropdown, select how often you want the certificate to be renewed.

  6. Under Certificate(s) to request, enter the recipient's details:

    1. Recipient name (Common Name)

      Enter the recipient’s name as you want it to appear on the client certificate.

      If you are using a CSR to create your certificate, you must enter the fully qualified domain name (for example, www.example.com).

    2. Recipient email

      The email address you want to appear on the certificate. Separate multiple email addresses with commas.

      The first email address listed is used to send the recipient an email so they can generate their client certificate.

  7. If you are using a CSR to create your certificate, upload or paste your CSR in the Recipient CSR box.

    We use the Public Key embedded in the CSR to create your client certificate. All other fields in the CSR are ignored.

    注記

    Your CSR must include the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags.

  8. To add additional client certificate recipients, click Add another certificate and enter the recipient’s details.

  9. Select your payment method

    Under Payment information, select a payment method to pay for the certificate:

    1. Pay with credit card

      Don’t have a contract or don’t want to use the contract to pay for this certificate? Use a credit card to pay for the certificate.

      Note: We authorize the card when the request is made. However, we only complete the transaction once we issue your certificate.

    2. Pay with contract terms

      Have a contract and want to use it to pay for the certificate? Use the contract to pay.

      Note: When you have a contract, it is the default payment method.

    3. Pay with account balance

      Don’t have a contract or don’t want to use the contract to pay for this certificate? Bill the cost to your account balance

      To deposit funds, select the Deposit link.

      注記

      The Deposit link takes you to another page inside your CertCentral account. Any information entered in the request form will not be saved.

  10. Certificate Services Agreement

    Read the agreement and check I agree to the Certificate Services Agreement above.

  11. Select Submit request.

CertCentral takes you to the certificate’s Order # details page where you can see the status of the email address verifications.

DigiCert validates and sends email

DigiCert sends an email to each address listed in the certificate. The email includes a link so the recipient can validate that they own that email address,

After all email addresses are validated, DigiCert sends an email to the first address on the list so the recipient can create their client certificate. If using a CSR, the client certificate is attached to the final email.

注記

If the certificate recipient loses a validation email, you can resend it. See Resend the email validation for DigiCert client certificate email.

Related topics

  • Reissue your client certificate to reissue instead of renewing

  • Secure Email products for new S/MIME certificate products replacing deprecated client certificates

What's next

Generate your client certificate to generate the certificate after email validation is complete

このセクションの内容: