Reissue Client certificates (Admin)

Before you begin

Use these instructions to reissue the following types of Client certificates:

  • Digital Signature Plus
  • Email Security Plus
  • Authentication Plus
  • Premium

The process for reissuing any type of Client certificate in your CertCentral account is the same:

  • If required by your organization, create a Certificate Signing Request (CSR).
  • Fill out the Client certificate request form.
  • Wait for approval.

Reissue a Premium Client certificate

These instructions apply to reissuing a Premium certificate; differences for other Client certificate types are noted.

  1. If required by your organization, create your CSR. Learn how to create a CSR, see Create a CSR (Certificate Signing Request).

To remain secure, certificates must use 2048-bit keys.

  1. In your CertCentral account, in the sidebar menu, click Certificates > Orders.

  2. On the Orders page, locate the Premium client certificate you need to reissue.

  3. In the Order # column, click Quick View on the certificate you want to reissue.

  4. In the Order details panel, click Reissue Certificate.

  5. On the Reissue Certificate for Order page, under Recipient Details, verify that the information is correct.

    1. Recipient Name (Common Name)
      Recipient's name as you want it to appear on the certificate.

      If you are using a CSR, enter a fully qualified domain name (for example, www.example.com)
    2. Recipient Email
      The email address that you want to appear on the certificate. Separate multiple email addresses with commas.

      The first email address listed is used to send the recipient an email so that they can generate their Client certificate.
    3. If you are using a CSR to create your certificate, upload or paste your CSR in the Recipient CSR box. We use the Public Key embedded in the CSR to create your Client certificate; all other fields in the CSR are ignored.

Your CSR must include the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags.

  1. In the Signature Hash dropdown, select a signature hash.

  2. In the Reason for Reissue box, specify a reason for the certificate reissue.

  3. Click Request Reissue.

What's next

You'll be taken to the certificate’s Manage Order # page where you can see the status of the email address verifications.

Each email address listed in the certificate request is sent an email that contains a link so that the recipient can validate that they own that email address. If the certificate recipient loses a validation email, you can resend it. See How to Resend an Email Validation for DigiCert "Client Certificate" Email.

After all email addresses are validated, an email is sent to the first email address on the list so that the recipient can create their Client certificate.

Note: If you submitted a CSR, then the Client certificate will be attached to the final email..

For instructions on how to install the Client certificate, see (Windows) Importing Your Personal ID Certificate.

About

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.