Managing SSL certificates

Renew an SSL certificate

  • Using new Key Pair

  • Using existing Key Pair and details

The tabs and fields available in the Renew SSL Certificate dialog vary based on the certificate profile and enrollment method used for certificate issuance.

Using new Key Pair:

  1. Navigate to Certificates > SSL Certificates.

  2. Select the certificate you want to renew, and click Renew.

  3. In the Renew SSL Certificate dialog, select Use New Key Pair, and click Next.

  4. Complete the Details tab fields based on the information provided in the following table.

    | Field | Description |
    | Organization | The organization to which the certificate belongs. |
    | Department | The department to which the certificate belongs. |
    | Certificate Profile | The certificate profile to be used for certificate issuance. |
    | Certificate Term | The validity period of the certificate. The available terms are dependent on the certificate profile. |
    | Comments | Comments or notes about the certificate. |
    | External Requesters | The email address of any external requester(s). |

    Depending on your configuration, additional custom fields may be available.
  5. Click Next.

  6. If prompted, on the CSR tab, paste or upload your CSR, and click Next.

  7. Complete the Private Key tab based on the information provided in the following table.

    | Field | Description |
    | Azure Account | The name of the SCM Azure account configured for the Azure Key Vault. |
    | Resource Group | The name of the resource group in Azure containing the appropriate Azure Key Vault. |
    | Key Vault | The name of the Azure Key Vault in which the CSR should be generated. |
    | Key Type | The key size or curve to be used for encrypting the private key. |
    | Set Passphrase for Private Key download | When enabled, you can set the password required to download the private key for the issued certificate. Otherwise, a password must be created each time the private key is downloaded. |
    | Reuse Key | Indicates whether the existing private key should be reused when renewing the certificate. If this policy is changed in Azure, the Azure policy will take precedence during certificate renewal or replacement. Once the certificate is issued, this setting cannot be changed. |
    | Exportable Key | Indicates whether the private key can be exported from the Azure Key Vault. If this policy is changed in Azure, the Azure policy will take precedence during certificate renewal or replacement. Once the certificate is issued, this setting cannot be changed. |
    | Store Key in HSM | Indicates whether the key will be stored in an HSM. Once the certificate is issued, this setting cannot be changed. |

  8. Click Next.

  9. Complete the Domains tab based on the information provided in the following table.

    | Field | Description |
    | Common Name | The domain name for which the certificate is being issued. |
    | Subject Alternative Names | Additional names or attributes that identify the entity associated with the certificate. This can include alternative domain names, email addresses, IP addresses, or other identifiers relevant to SSL certificates. |

  10. Click Next.

  11. If prompted, on the EV details tab, review the EV details, and click Next.

    EV details for the organization can be updated on the Organizations page. For more information, see Update EV details.
  12. If prompted, on the Nodes & Ports tab, click the Add icon, and select the node(s) to which the certificate will be installed.

    Nodes and ports can be updated on the Network Agents page. For information on configuring nodes and ports, see Configuring network agents.
  13. Click Next.

  14. If prompted, complete the Auto-installation tab based on the information provided in the following table.

    | Field | Description |
    | Triggered | When selected, certificate auto-installation is manually initiated through SCM. |
    | Scheduled | When selected, certificate auto-installation is scheduled to occur at a specified time. |

  15. Click Next.

  16. Complete the Auto-Renewal tab based on the information provided in the following table.

    | Field | Description |
    | Enable Auto-Renewal | When enabled, the certificate will be automatically renewed before expiration. |
    | Create new key pair while renewing | When enabled, a new key pair will be created when renewing the certificate instead of reusing the existing key pair. |
    | Renewal Period | The number of days before the certificate expires that the certificate should be renewed. |

  17. Click Next/OK.

  18. If prompted, read the EULAs, select I Agree for each, and click OK.

Using existing Key Pair and details:

  1. Navigate to Certificates > SSL Certificates.

  2. Select the certificate you want to renew, and click Renew.

  3. In the Renew SSL Certificate dialog, select Use Existing Key Pair and Details.

  4. Click Confirm.
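
A check worth running around the CSR tab when renewing with Use New Key Pair: generate the key and CSR locally, then confirm the CSR really carries a different public key than the certificate being renewed. This is an added example, not part of the SCM documentation; it assumes the OpenSSL 1.1.1+ command line, and the domains, file names and stand-in "current" certificate are constructed.

```shell
#!/bin/sh
# Added example. Domains, file names and the stand-in "current" certificate
# are constructed for illustration; nothing here talks to SCM.
set -eu

# SHA-256 over the DER-encoded public key (SPKI) read as PEM from stdin.
spki_hash() { openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1; }
cert_spki() { openssl x509 -in "$1" -noout -pubkey | spki_hash; }
csr_spki()  { openssl req  -in "$1" -noout -pubkey | spki_hash; }

# new_csr <key-out> <csr-out> <common-name> <SANs, e.g. DNS:a,DNS:b>
# Generates a fresh P-256 key (mode 0600) and a CSR for the Domains tab values.
new_csr() {
  ( umask 077; openssl ecparam -name prime256v1 -genkey -noout -out "$1" )
  openssl req -new -key "$1" -out "$2" -subj "/CN=$3" -addext "subjectAltName=$4"
}

# SAN line of a CSR, e.g. "DNS:www.example.test, DNS:example.test".
csr_sans() {
  openssl req -in "$1" -noout -text |
    sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}

# csr_rotates_key <current-cert> <csr>
# 0 = CSR is validly self-signed and carries a new key; 1 = key reused;
# 2 = CSR self-signature does not verify.
csr_rotates_key() {
  openssl req -in "$2" -noout -verify 2>&1 | grep 'verify OK' >/dev/null || return 2
  [ "$(cert_spki "$1")" != "$(csr_spki "$2")" ]
}

demo() (
  d=$(mktemp -d)
  # Constructed stand-in for the certificate being renewed.
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/old.key"
  openssl req -x509 -new -key "$d/old.key" -out "$d/old.crt" -subj "/CN=www.example.test" -days 30
  new_csr "$d/new.key" "$d/new.csr" www.example.test "DNS:www.example.test,DNS:example.test"
  # A CSR that reuses the old key: the case the check is meant to catch.
  openssl req -new -key "$d/old.key" -out "$d/reuse.csr" -subj "/CN=www.example.test"
  echo "SANs in new CSR: $(csr_sans "$d/new.csr")"
  csr_rotates_key "$d/old.crt" "$d/new.csr"   && echo "new.csr:   new key pair"
  csr_rotates_key "$d/old.crt" "$d/reuse.csr" || echo "reuse.csr: same key as current certificate"
  rm -rf "$d"
)
demo
```

The same SPKI comparison can be run against the issued certificate after renewal to confirm which key it was actually bound to.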

Replace an SSL certificate

Only certificates issued by the Sectigo Public CA can be replaced in SCM.
  • Provide Manual CSR

  • Automatically Generate CSR

Provide Manual CSR:

  1. Navigate to Certificates > SSL Certificates.

  2. Select the certificate you want to replace, and click Replace.

  3. In the Replace Certificate dialog, select Provide Manual CSR, and complete the fields based on the information provided in the following table.

    | Field | Description |
    | CSR | The CSR to be used for the certificate replacement. |
    | Common Name | The domain name for which the certificate is being issued. |
    | Subject Alternative Names | Additional names or attributes that identify the entity associated with the certificate. This can include alternative domain names, email addresses, IP addresses, or other identifiers relevant to SSL certificates. |
    | Reason | A message providing the reason for the certificate replacement. |

  4. Click Replace.

Automatically Generate CSR:

The automatic generation of a CSR during certificate replacement is only available for certificates enrolled through SCM using the Generation of CSR in Azure Key Vault enrollment method.

  1. Navigate to Certificates > SSL Certificates.

  2. Select the certificate you want to replace, and click Replace.

  3. In the Replace Certificate dialog, select Automatically Generate CSR, and complete the fields based on the information provided in the following table.

    | Field | Description |
    | Common Name | The domain name for which the certificate is being issued. |
    | Subject Alternative Names | Additional names or attributes that identify the entity associated with the certificate. This can include alternative domain names, email addresses, IP addresses, or other identifiers relevant to SSL certificates. |
    | Reason | A message providing the reason for the certificate replacement. |

  4. Click Replace.

Download an SSL certificate

  • Certificate only

  • Certificate and private key

Certificate only:

  1. Navigate to Certificates > SSL Certificates.

  2. Select the certificate you want to download, and click View.

  3. In the SSL Certificate dialog, click the Download icon.

  4. Select the appropriate download format.

Certificate and private key:

  1. Navigate to Certificates > SSL Certificates.

  2. Select the certificate for which you want to recover the private key, and click View.

  3. In the SSL Certificate dialog, click the Download icon.

  4. Select Certificate and Private Key.

  5. Select the appropriate download format.

  6. If prompted, set the passphrase for the private key download.

  7. Click Download.

Managing SSL certificate email notifications

Edit SSL certificate email notifications

  1. Navigate to Certificates > SSL Certificates.

  2. Select the certificate for which you want to edit email notifications, and click Edit.

  3. Click on the Management tab, expand the Notifications section, and click the Edit icon.

  4. Complete the Edit Notifications fields based on the information provided in the following table.

    | Field | Description |
    | Suspend Notifications | When enabled, email notifications are not sent to external requesters. |
    | External Requesters | The email address of any external requester(s). |

  5. Click Save.

Resend an SSL certificate notification

  1. Navigate to Certificates > SSL Certificates.

  2. Select the certificate for which you want to edit email notifications, and click Edit.

  3. Click on the Management tab, expand the Notifications section, and click Resend Collection Email.

Edit certificate auto-renewal settings

  1. Navigate to Certificates > SSL Certificates.

  2. Select the certificate for which you want to edit auto-renewal, and click Edit.

  3. Click on the Management tab, expand the Auto-Renewal section, and click the Edit icon.

  4. Complete the Edit Auto-Renewal Schedule fields based on the information provided in the following table.

    | Field | Description |
    | Enable Auto-Renewal | When enabled, the certificate will be automatically renewed before expiration. |
    | Create new key pair while renewing | When enabled, a new key pair will be generated during the renewal process instead of reusing the existing key pair. |
    | Renewal Period | The number of days before the certificate expires that the certificate should be renewed. |

  5. Click Save.

Delete an SSL certificate entry

Deleting an SSL certificate entry does not revoke the certificate itself.

  1. Navigate to Certificates > SSL Certificates.

  2. Select the certificate entry you want to delete, and click the Delete icon.

  3. Click Delete.

Revoke an SSL certificate

  1. Navigate to Certificates > SSL Certificates.

  2. Select the certificate you want to revoke, and click Revoke.

  3. In the Revocation Reason dialog, select a revocation reason.

  4. Provide a message outlining any relevant details about the certificate or revocation.

  5. Click Revoke.