How to: Reissue an SSL certificate

You may need to have your SSL certificate reissued for various reasons, such as:

  • A change to your CSR (Certificate Signing Request)
  • The loss of a private key
  • Changing your SSL certificate from SHA1 to SHA2

This article will walk you through:

For a certificate to be reissued, the approver email must approve the reissue.  Approval can only be done via the approver email, not DNS nor file validation.  Approver email is listed as "Validation Email" in the OpenSRS Reseller Control panel.  It can also be found in the reissue portal in step 3 below.  
 
Reissue is not possible via API commands.  

Where to go

When requesting a reissue, the same contacts and domain name associated with the original SSL Certificate must be used for the new SSL Certificate. To get a reissue on an SSL Certificate, go to the SSL certificate provider's site:

Comodo

Comodo certificates are reissued through OpenSRS. To start that process just send us an email at help@opensrs.com.

You will need to provide us with the following information:

  • Domain name on the certificate
  • Supplier order ID
  • CSR (Certificate Signing Request)
    • NOTE:  The CSR does not have to be generated using the SHA2 hash; you can use the same CSR that was used to last issue/reissue the certificate.
  • Message stating you wish to reissue the certificate using SHA2

We will then reissue the certificates with Comodo on your behalf. Please allow 1-3 business days for these to be processed.

 

What you need

In order to get your SSL certificate reissued for all suppliers besides Comodo, make sure you have the following information ready:  

For GeoTrust, Symantec and thawte:

  • Fully qualified domain name or common name - This correspond to the names you see in the OpenSRS Reseller Control Panel under the Trust section.  
  • Email address - This can be either the Administrator or the Technical email address listed for the certificate in the Reseller Control Panel.  
  • Order ID - this corresponds to the Supplier Order ID in the Reseller Control Panel. You do not need to use the Order ID if you are using the fully qualified domain name for the cert.  
    • To find the Supplier Order ID, go to Trust > the specific SSL Order > Status > Supplier Order ID

For Trustwave:

  • Username and password

OR

  • The Admin contact email address you used to set up your SSL certificate

 

How to get your SSL certificate reissued

1. To log in:

  • Enter the fully qualified domain name name OR order ID
    • NOTE:  The order ID corresponds to the Supplier Order ID listed in your Reseller Control Panel
  • Enter either the administrator or the technical email addresses you used on your order.  Whichever email address you enter here will be the one to receive the link to access the portal. 
  • In the Image number field, enter the number in the box below

 

2. Click Request Access; this will prompt the system to send you an email with a link to access the portal.

 

3. Check your email and click on the vendor login url. You will see the following control panel.

Click the Reissue Certificate link in the top left menu.  Make a note of the Domain Approver email in the screenshot below as the domain approver has to approve the email before the cert can be sent to the Technical contact

 

4.  In the Hashing Algorithm drop-down menu, select SHA2 with a 256-bit Digest (or reissue it with SHA1, if required).

Then enter your CSR in the provided field. This can be the existing CSR (SHA1 or 2) or a new CSR.

Lastly, review and agree to the Subscriber Agreement and then click Submit.

 

5.  When the information is submitted, an approval email will be sent to the Domain Approver email address. Once approval completed the certificate will be sent to the Tech Contact email address.

  

Why to have your certificate reissued as SHA2

Some older certs were issued using SHA1 security.  Google and Microsoft initiatives have caused the web industry to update the SSL certificate security standard. As a result, someone using Chrome and Internet Explorer will get a warning when they visit a site that uses an SHA1 generated security certificate.

To prevent your customers from seeing these warnings, you will need to reissue your certificate as SHA2.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk