Secure Site Pro: Duplicate a TLS certificate

Like all DigiCert certificates, the Secure Site Pro product line allows you to create duplicate certificates. However, with Secure Site Pro, we improved the duplicate certificates process and how it relates with the reissues process. This improved self-service centered process enables you to do more to get the duplicate certificates you need.

Duplicate certificates never require DigiCert to revoke previous copies of your certificate.

Rearrange and remove domains

With Secure Site Pro, we allow you to rearrange and remove domains when creating duplicate certificates. This allows you to create server specific duplicates that include only the domains needed for that server.

Let’s say you have a Secure Site Pro TLS certificate with example.com for the common name and *.example1.com, app.example3.com, and example2.com as SANs. Because it’s a Secure Site Pro certificate, you can create these duplicate certificates:

Certificate Common name SANs
Original *.example.com *.example.com
*.example1.com
app.example3.com
example2.com
Duplicate 1 *.example1.com *.example1.com
Duplicate 2 app.example3.com app.example3.com
Duplicate 3 example2.com app.example2.com
app.example3.com

Reissue to add domains

If you want a duplicate certificate for a domain not on the order, you'll need to reissue the certificate and add the domain to the order (see Reissue an SSL/TLS certificate). Once the domain is added and your certificate has been reissued, then you can create a duplicate certificate that includes that new domain.

Wildcard domain duplicates

With wildcard domains, you're able to secure a domain and all its first-level subdomains. For example, a certificate that secures *.example.com also secures add.example.com, my.example.com, app.example.com and so on. Instead of creating a duplicate certificate for *.example.com, you may want to create individual duplicate certificates for each subdomain covered by *.example.com.

Subdomains included as SANs on certificate

If the subdomain is already included as a SAN on the certificate (original or reissued), create a duplicate certificate and move the subdomain to the common name field. Then, remove any unneeded SANs and submit your duplicate certificate request.

For example, let’s say you have a Secure Site Pro TLS certificate with *.example for the common name and sub.example.com, add.example.com, and my.example.com included as SANs. You can create a duplicate certificate for sub.example.com one for add.example.com, and another one for my.example.com.

Certificate Common name SANs
Original *.example.com *.example.com
add.example.com
sub.example.com
my.example.com
Duplicate 1 add.example.com add.example.com
Duplicate 2 sub.example.com sub.example.com
Duplicate 3 my.example.com my.example.com

Subdomains not included as SANs on certificate

If the subdomain isn't on the certificate, you'll need add it to the certificate before you create the duplicates. To add domains, you'll need to reissue the certificate and add the subdomain to the order (see Reissue an SSL/TLS certificate). Then, once the certificate has been reissued, create the duplicate certificate for the subdomain.

For example, let’s say you have a Secure Site Pro TLS certificate with *.example as the common name. However, you want to get duplicate certificates for sub.example.com, add.example.com, and my.example.com.

To do this, you'll need to reissue the certificate and add sub.example.com, add.example.com, and my.example.com as SANs to the order. Once the certificate is reissued, you can create duplicate certificates for sub.example.com, add.example.com, and my.example.com.

Certificate Common name SANs
Original *.example.com *.example.com
Reissued *.example.com *.example.com
add.example.com
sub.example.com
my.example.com
Duplicate 1 add.example.com add.example.com
Duplicate 2 sub.example.com sub.example.com
Duplicate 3 my.example.com my.example.com