Here are some reasons that can cause you to reissue your SSL certificate during its lifespan:
- Your private keys can be compromised
- You are adding/removing SAN’s
- Industry update
- Changing the hashing algorithm
- Moving server
The best thing is that during the timespan, it won’t cost you anything for reissuing the SSL. To reissue a RapidSSL Certificate, perform the following steps.
Step 1: Generate a Certificate Signing Request (CSR). For assistance with generating your CSR please click here. To be secure, we recommend using at least a 2048-bit key size.
Note: If you generate a new CSR, make sure you save your Private Key in a safe place. You will need it to install the re-validated certificate later.
Step 2: Access the RapidSSL User Portal. Click on this link and follow the instructions mentioned below. https://www.digicert.com/account/login.php
Step 3: In your CertCentral account, Click on certificates > Orders
Step 4: On the orders page, you can find the RapidSSL certificate that you wish to reissue. Click the Quick View link.
Step 5: On the right side of the page, you will see the reissue Certificate section: click it.
Step 6: add your CSR. On the Reissue Certificate for Order page, use one of the options below to add your CSR:
- Click to upload a CSR. Click the link to upload your CSR file to the Add Your CSR box.
- Paste CSR. Use a text editor to open your CSR file. Copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into the Add Your CSR box.
Step 7: Add the common name. We take the common name included in your CSR and add it to the Common Name field.
Step 8: Select the payment method. If you added SANs to the reissued order of the certificate, then you should select the payment method under the payment information section. You can skip this step if no SANs were added.
Step 9: Select the signature HASH. SHA-256 is the only signature hash available for DV certificates.
Step 10: Select the DCV method to prove control over your domain name. In the DCV verification method drop-down list, choose the DCV method you want to use for demonstrating control over the domain on the certificate order.
Step 11: Add the reason for the reissue of the SSL certificate.
Step 12: Click on request reissue to get the SSL reissue request approved.
When you request a certificate to be re-issued, the issuing certificate authority must go through the validation process again. The good news is that they were already able to complete this process for your order previously, so re-validation typically goes very quickly and smoothly.
However, if you are reissuing a type of certificate that requires a final verification call (OV or EV), the CA will need to perform that call again. Keep an ear out for that call, if you don't receive it within 24 hours, contact support.
NOTE: If the Reissue option is not available or disabled please contact the Customer Support Department to request a manual re-issuance.
After you complete the validation process and have received the reissued SSL Certificate, you can proceed to install the new certificate.