Renew Client certificates (Admin)

Before you begin

These instructions apply to the following Client certificate types:

  • Digital Signature Plus
  • Email Security Plus
  • Authentication Plus
  • Premium

The general process for issuing Client certificates is:

  1. (If required) Create the Certificate Signing Request (CSR).
  2. Complete the Client certificate request form.
  3. Wait for approval.

Renew a Client certificate

The below instructions apply to renewing a Premium certificate; differences for other Client certificate types are noted.

Any custom fields your company/organization added will not be documented.

  1. If required, create your CSR.

    To learn how to create a CSR, see Create a CSR (Certificate Signing Request).

Note: To remain secure, certificates must use 2048-bit keys.

  1. In your CertCentral account, in the sidebar menu, click Certificates > Orders.

  2. On the Orders page, use the drop-down lists, search box, advanced search features (Show Advanced Search), and column headers to locate the Premium client certificate you need to reissue.

  3. Click Quick View, in the Order # column, for the certificate you want to renew.

  4. Click Renew Certificate in the Order details panel.

  5. On the Request a Client Certificate page, under Certificate Settings, provide the certificate details for your renewal.

  1. Select how often you want the certificate to be automatically renewed from the Automatic Renewal drop-down (under Order Options).

  2. Under Certificate(s) to Request, enter the details for the recipient.

    1. Recipient Name (Common Name)
      Enter the recipient’s name as you want it to appear on the Client certificate.

      If you are using a CSR to create your certificate, you must enter the fully qualified domain name (for example, www.example.com).
    2. Recipient Email
      The email address that you want to appear on the certificate. Separate multiple email addresses with commas.

      The first email address listed is used to send the recipient an email so that they can generate their Client certificate.
    3. If you are using a CSR to create your certificate, upload or paste your CSR in the Recipient CSR box. We use the Public Key embedded in the CSR to create your Client certificate; all other fields in the CSR are ignored.

Your CSR must include the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags.

  1. To add additional Client certificate recipients, click Add Another Certificate and enter the recipient’s details.

  1. Choose your payment information.

    • If you have a contract, your default payment method will use your contract.
    • If you do have a contract, check the box to exclude this certificate from your contact.

Note: If you need to deposit funds before continuing with the certificate order (clicking the Deposit link), your progress will not be saved.

  1. Read and understand the Certificate Services Agreement, and check I agree to the Certificate Services Agreement above.

  2. Click Submit Request.

What's next

You'll be taken to the certificate’s Manage Order # page where you can see the status of the email address verifications.

Each email address listed in the certificate request is sent an email that contains a link so that the recipient can validate that they own that email address. If the certificate recipient loses a validation email, you can resend it. See How to Resend an Email Validation for DigiCert "Client Certificate" Email.

On the Orders page (Certificates > Orders), the certificate should be listed with the Status of Pending.

After all email addresses are validated, a link will be sent to the first email address on the list so that the recipient can create their Client certificate.

Note: If you submitted a CSR, then the Client certificate will be attached to the final email.

For instructions on how to install the Client certificate, see (Windows) Importing Your Personal ID Certificate.