Reissue your client certificate
End of life for old S/MIME products in CertCentral
On July 10, 2025, DigiCert deprecated the old S/MIME products: Premium, Email Security Plus, Digital Signature Plus, and Class 1 S/MIME. These are replaced by Secure Email Certificates. See Secure Email products. If you have existing orders for these products, see Reissue your client certificate for deprecation impact on reissues.
Reissue a client certificate when you need to update recipient details, change the signature hash, or replace a lost certificate.
Waarschuwing
Before reissuing a Premium, Email Security Plus, Digital Signature Plus, and Class 1 S/MIME certificate that uses the deprecated Legacy profile
On July 10, 2025, DigiCert deprecated the Legacy profile used by the old S/MIME products: Premium, Email Security Plus, Digital Signature Plus, and Class 1 S/MIME. When reissuing one of these older products, DigiCert reissues using the Multipurpose profile.
The Legacy profile's maximum validity is 1184 days, whereas the Multipurpose profile's maximum validity is 824 days. If reissuing a certificate with remaining validity greater than 824 days, DigiCert truncates the validity to 824 days without a refund. These products are replaced by Secure Email Certificates. See Secure Email Certificates.
Before you begin
If organization policy requires you to include a CSR with your client certificate reissue, generate your CSR before proceeding. See How to create a CSR (Certificate Signing Request) and Generate a certificate signing request (CSR).
Reissue a Premium client certificate
These instructions apply to reissuing a Premium certificate. Differences for other client certificate types are noted.
In the CertCentral main menu, go to Certificates > Orders.
On the Orders page, in the Order # column, select the certificate's order number link.
Under the Details tab, from the Certificate actions dropdown, select Reissue certificate.
On the Reissue certificate for order page, under Recipient details, verify that the following information is correct.
Recipient name (Common Name) Recipient's name as you want it to appear on the certificate.
If you’re using a CSR, enter a fully qualified domain name (for example, www.example.com).
Recipient Email The email address that you want to appear on the certificate. Separate multiple email addresses with commas.
The first email address listed is used to send the recipient an email so they can generate their client certificate.
If you’re using a CSR to create your certificate, upload or enter your CSR in the Recipient CSR box.
DigiCert uses the public key embedded in the CSR to create your client certificate. All other fields in the CSR are ignored.
Opmerking
Your CSR must include the
-----BEGIN NEW CERTIFICATE REQUEST-----and-----END NEW CERTIFICATE REQUEST-----tags.In the Signature hash dropdown, select a signature hash.
In the Reason for reissue box, specify a reason for the certificate reissue.
Select Request reissue.
CertCentral takes you to the certificate’s Order # details page where you can see the status of the email address verifications.
DigiCert validates and sends email
DigiCert sends an email to each address listed in the certificate. The email includes a link so the recipient can validate that they own that email address,
After all email addresses are validated, DigiCert sends an email to the first address on the list so the recipient can create their client certificate. If using a CSR, the client certificate is attached to the final email.
Opmerking
If the certificate recipient loses a validation email, you can resend it. See Resend the email validation for DigiCert client certificate email.
What's next
Renew your client certificate to renew an expiring client certificate order