Skip to main content

Renew your Document Signing certificate

Use these steps to renew a Document Signing for Individual, Employee, or Organization certificate in CertCentral.

Notice

For Subscription accounts, renew code signing certificates through your active subscription. In the CertCentral menu, go to My Digital Trust Products > Certificates. Select the order number of the certificate to renew and select Renew from the Certificate actions menu.

Before you begin

  • The organization must have current DS: Document Signing Validation for Employee or Organization certificates. If validation has expired, DigiCert validates the organization as part of the renewal process. To validate in advance, see Submit an organization for prevalidation.

  • For HSM provisioning: generate the private key and CSR on the HSM before submitting the renewal. Document signing certificates support RSA 2048, 3072, and 4096 and ECC P-256 and P-384 algorithms. Refer to your HSM vendor instructions to generate the CSR.

Renew your document signing certificate

  1. In the CertCentral menu, go to Certificates > Orders.

  2. Select the order number for the code signing certificate to renew.

  3. On the Order details page, in the Certificate actions menu, select Renew.

  4. On the renewal form, update the certificate details as needed, including selecting a new provisioning method if required.

  5. Under Provisioning options, select a provisioning method:

    • DigiCert-provided hardware token: DigiCert ships a hardware token with installation instructions. Under Shipping address, enter the name and address for token delivery.

    • Use existing token: install the certificate on your own supported hardware token after issuance. Supported tokens:

      • SafeNet/Gemalto eToken 5100 — RSA 2048

      • SafeNet/Gemalto eToken 5110 — RSA 2048, 3072, 4096, ECC P-256 and P-384

    • Install on HSM: install the certificate on your HSM after issuance. Select Yes under Was the private key generated by a Common Criteria EAL4+ standard or FIPS 140-2 Level 2 HSM? and upload your CSR.

      Important

      For HSM provisioning, DigiCert sends an agreement email to confirm the private key is stored on a certified HSM. DigiCert cannot issue the certificate until the requester responds to this email.

  6. Select Submit request.

After submission, CertCentral takes you to the Order details page where you can monitor the status of your renewal.

For Document Signing for Individual certificates, DigiCert validates the subject individual using remote identity verification (RIV) or a face-to-face process before issuing the certificate.

For Document Signing for Employee and Organization certificates, DigiCert contacts a verified phone number to confirm authority to order on behalf of the organization. This call typically occurs within 24 hours of submission.

Related topics

本节内容如下: