Reissue a GeoTrust Wildcard DV Certificate

Industry standards change: End of 2-year public SSL/TLS certificates

On August 27, 2020, 6:00 PM MDT (August 28 00:00 UTC), DigiCert stopped issuing public DV, OV, and EV SSL/TLS certificates with a maximum validity greater than 397 days.

Now, 2-year public SSL/TLS certificate reissues have a max validity of 397 days. This means some reissued certificates will expire before the order expires. To use the remaining validity included with the original certificate, reissue certificates during the order's final 397-day period.

To learn more, see End of 2-year DV, OV, and EV public SSL/TLS certificates.

Use these instructions to reissue a GeoTrust Wildcard DV Certificate.

GeoTrust Wildcard DV Certificates use Subject Alternative Names (SANs) to let you secure one or up to 250 domains. The SANs must be a wildcard domain (*.example.com) or based off your listed wildcard domains (mail.example.com). Adding SANs to a GeoTrust Wildcard DV certificate order may incur additional cost.

A Certificate Signing Request (CSR) is required to complete the reissue order.

  1. Create a Certificate Signing Request
    To remain secure, certificates must use at least a 2048-bit key size. Need help creating a CSR? See Create a CSR (Certificate Signing Request).

  2. In your CertCentral account, in the sidebar menu, click Certificates > Orders.

  3. On the Orders page, use the drop-down lists, search box, advance search features (Show Advanced Search link), and column headers to find the GeoTrust Wildcard DV certificate you want to reissue.

  4. In the certificate’s Order # column, click the Quick View link.

  5. In the Order details pane (on the right side of the page), click the Reissue Certificate link.

  6. Add Your CSR
    We take the common name and any SANs included in your CSR and add them to the Common Name and Other Hostnames (SANs) field.

    On the Reissue Certificate for Order page, use one of the options below to add your CSR.

    1. Click to upload a CSR
      Click the link to upload your CSR file to the Add Your CSR box.
    2. Paste CSR
      Use a text editor to open your CSR file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags and paste it in to the Add Your CSR box.

  7. Common Name
    We take the common name included in your CSR and add it to the Common Name field.

    To add or change the common name, manually enter the domain you want this DV certificate to secure.

Make sure to format the common name correctly (*.example.com).

Changing the common name when reissuing a GeoTrust Wildcard DV certificate automatically revokes the original certificate and any previous reissues, unless you add the old common name as a SAN on the reissued certificate.

  1. Other Hostnames (SANs)
    We take any SANs included in your CSR and add them to the Other Hostnames (SANs) field.

    Add, remove, and reorder SANs as needed so the certificate secures the domains that you want.

    1. Add SANs
      In the Other Hostnames (SANs) box, enter the additional SANs that you want included in the reissued certificate.
      Adding SANs does not revoke the original certificate or previous reissues. However, adding SANs may incur additional charges for the certificate reissue.
    2. Remove SANs
      In the Other Hostnames (SANs) box, delete the SANs that you want to exclude in the reissued certificate.

The SANs must be a wildcard domain (*.example.com) or based off your listed wildcard domains (mail.example.com).

Removing SANs automatically revokes the original certificate or previous reissues.

  1. Select Payment Method
    Did you add SANs to the certificate reissue order? Under Payment Information, select a payment method to pay for the certificate.

    If you didn't add SANs, skip to the next step. You won't be charged for your reissue.

    1. Pay with Contract Terms
      Have a contract and want to use it to pay for the certificate?
      Note: When you have a contract, it is the default payment method.
    2. Pay with Credit Card
      Don’t have a contract or don’t want to use the contract to pay for this certificate? Use a credit card to pay for the certificate.
    3. Pay with Account Balance
      Don’t have a contract or don’t want to use the contract to pay for this certificate? Bill the cost to your account balance.
      To deposit funds, click the Deposit link.

The Deposit link takes you to another page inside your CertCentral account. Any information entered in the request form will not be saved.

  1. Signature Hash

    SHA-256 is the only signature hash available for DV certificates.

  2. Select a DCV Method to Prove Control Over Your Domain
    Before DigiCert can reissue your DV certificate, you must demonstrate control over the domains on your certificate order. To learn more about the available DCV Methods, see Domain Control Validation (DCV) Methods.

    In the DCV verification method drop-down list, choose the DCV method you want to use to demonstrate control over the domains on the certificate order.

    You must use the selected DCV method to prove control over every domain on the order.

    • DNS TXT
      The DNS TXT DCV method allows you to demonstrate control over the domain on your order by creating a DNS TXT record containing a randomly generated value.
    • Email
      The Email DCV method allows an email recipient to demonstrate control over the domain by following the instructions in a confirmation email sent for the domain.
    • File
      The File DCV method allows you to demonstrate control over your domain by hosting a fileauth.txt file containing a randomly generated value at a predetermined location on your website.

After submitting your reissue order, you can change the DCV method from the certificate's Order # details page, if needed. (In the sidebar menu, click Certificates > Orders. On the Orders page, in the Order # column of the DV certificate order, click the order number link.)

  1. Select the Language for the DCV Email

    In the DCV Email Language drop-down list, select the language you want DCV authentication email to be sent in.

    Note that this drop-down list only appears when you select Email as your DCV method.

  2. Reason for Reissue
    Add a reason for the reissue that only an Administrator can see.

These comments are not included in the certificate.

  1. When you are finished, click Request Reissue.

About

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.