Replace a certificate

Certificate replacement allows you to replace your third-party certificate automatically or manually with a DigiCert certificate.

You can also replace your certificate when:

  • You lost your certificate's private key and want to get new keys.
  • You want to change or add SANs to your certificate.
  • You want to fix any compliance issues associated with the certificate.

You can either replace a certificate manual or setup automation for it to be configured automatically.

To see available certificate actions, go to Discovery > View Results.

Automated certificate replacement

The auto-replace feature has been integrated with the automation service. This checks whether there are any automation setups available for matching IPs/Ports or certificates and automatically replaces them.

To submit an auto-replace request:

  1. Identify the certificate or endpoint you want to replace.
  2. From the actions dropdown, select either “Reissue" or "Replace with DigiCert”.
  3. Select the automated replacement option to continue.

For more information on setting up automation, see Set up ACME automation for a web server.

The certificate installation starts immediately. In case, an automation setup is already configured, it will take you to the Manage automation page.

You can manually replace your certificate if your certificate host is not configured for automation.

Replace on revoke

Replace your certificate if it is revoked or missing.

On Automation > Manage profiles page:

  1. Find and click the name of the automation profile.
  2. Select Auto-renew and install certificate.
  3. Enable the Auto-replace this certificate if revoked or missing.
  4. Select Save.

The Discovery service monitors certificates by doing daily revocation checks. If a revoked certificate is found, this configuration ensures the revoked certificate is automatically replaced by a new one.

Use Discovery to Set up and run a scan. This will discover the revoked or missing certificate on the host.

简介

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.