Skip to main content

Reissue your EV Code Signing certificate

Reissue a Code Signing certificate when you need to update certificate details, change the provisioning method, or replace a certificate with a compromised private key.

Important

All code signing private keys must be stored on hardware certified to FIPS 140-2 Level 2, Common Criteria EAL 4+, or equivalent. See Protect private keys.

Before you begin

  • All code signing private keys must be stored on hardware certified to FIPS 140-2 Level 2, Common Criteria EAL 4+, or equivalent. See Protect private keys and Code signing provisioning methods.

  • For HSM provisioning: generate the private key and CSR on the HSM before submitting the reissue. The CSR must use a minimum RSA 3072-bit or ECC P-256-bit key. Refer to your HSM provider's documentation to generate the CSR.

Reissue a code signing certificate

  1. In the CertCentral menu, go to Certificates > Orders.

  2. Select the order number for the code signing certificate to reissue.

  3. On the Order details page, in the Certificate actions menu, select Reissue certificate.

  4. On the Reissue certificate page, select a signature hash. DigiCert recommends SHA-256 unless you have a specific reason to select a different hash.

  5. Under Provisioning options, select a provisioning method.

    The provisioning method does not need to match the original order. See Code signing provisioning methods for the full list of options and their requirements.

  6. Under Reason for reissue, specify the reason for the reissue.

  7. Select Submit request.

If reissue approval is required, DigiCert emails the code signing verified contacts for the organization. After a verified contact approves the request, DigiCert reissues the certificate.

Notice

Post-issuance steps depend on your provisioning method:

  • DigiCert-provided hardware token: DigiCert installs the certificate on the token and ships it to the address provided during the request.

  • Own supported hardware token: Download the certificate from your CertCentral account and install it on your token.

  • HSM: Download the certificate from your CertCentral account and install it on the HSM. See Download a code signing certificate.

  • DigiCert KeyLocker: Access the certificate in DigiCert KeyLocker. See the KeyLocker documentation.

What's next

Download a code signing certificate to download the certificate from CertCentral for HSM installation

本节内容如下: