You will need to reissue your RapidSSL certificate for numerous reasons. This short tutorial will go through how to do it hassle-free.
Some of the reasons that can cause you to reissue your SSL certificate during its lifespan:
- Your private keys can be compromised
- You are adding/removing SANs
- Industry Update
- Changing the hashing algorithm
- Moving servers and more!
The best thing is that it won’t cost you anything to reissue the SSL during the timespan. To reissue a RapidSSL Certificate, perform the following steps.
Step 1:
Generate a Certificate Signing Request (CSR). For assistance with generating your CSR, please click here. To be secure, we recommend using at least a 2048-bit key size.
Note: If you generate a new CSR, make sure you save your Private Key in a safe place. You will need it to install the re-validated certificate later.
Step 2:
Access the RapidSSL User Portal. Click on this link and follow the instructions mentioned below. https://www.digicert.com/account/login.php
Step 3:
In your CertCentral account, Click on certificates > Orders
Step 4:
You can find the RapidSSL certificate you wish to reissue on the orders page. Click the Quick View link.
Step 5:
On the right side of the page, you will see the reissue Certificate section: click it.
Step 6:
Add your CSR. On the Reissue Certificate for Order page, use one of the options below to add your CSR:
- Click to upload a CSR. Click the link to upload your CSR file to the Add Your CSR box.
- Paste CSR. Use a text editor to open your CSR file. Copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into the Add Your CSR box.
Step 7:
Add the common name. We take the common name in your CSR and add it to the Common Name field.
Step 8:
Select the payment method. If you added SANs to the reissued order of the certificate, then you should select the payment method under the payment information section. You could skip this step if no SANs were added.
Step 9:
Select the signature HASH. SHA-256 is the only signature hash available for DV certificates.
Step 10:
Select the DCV method to prove control over your domain name. In the DCV verification method drop-down list, choose the DCV method you want to use for demonstrating control over the domain on the certificate order.
Step 11:
Add the reason for the reissue of the SSL certificate.
Step 12:
Click on request reissue to get the SSL reissue request approved.
Conclusions
When you request a certificate to be re-issued, the issuing certificate authority must go through the validation process again. The good news is that they could already completed this process for your order previously, so re-validation typically goes very quickly and smoothly.
However, if you are reissuing a type of certificate that requires a final verification call (OV or EV), the CA will need to perform that call again. Keep an ear out for that call; contact support if you don't receive it within 24 hours.
NOTE: If the Reissue option is not available or disabled, please contact the Customer Support Department to request a manual re-issuance.
Email: [email protected]
After you complete the validation process and have received the reissued SSL Certificate, you can proceed to install the new certificate.
People also read:
- What is an SSL certificate?
- How To Configure Nginx With SSL
- 10 Security Tips for Your Dedicated Windows Server