- Login to DigiCert PKI Platform
- Create a NEW certificate profile, based on the same BCT, bind it to the new DigiCert Public CA and configure it in the same way as the original one – you may choose to have two browser windows side-by-side showing the PKI Manager portal, to facilitate the task
- Test issuance of a certificate via the appropriate Enrollment method (OS/Browser, CSR, PKI Client, SCEP, iOS, PKI Web Services) and appropriate certificate lifecycle operations
- If end-to-end testing is successful, SUSPEND the OLD cert profile so that no more certs are issued from it:
- Click on the Suspend button:
- If configured, modify the Email notification setting for Revoked certificates to NOT send email notifications to Users – this is in case the Admin decides to also DELETE the profile and choose to automatically Revoke all certificates issued from it.
Click on the OLD certificate profile -> under Customize certificate notifications, click Edit -> under Recipients, uncheck the Certificate user check box:
- [OPTIONAL] DELETE the OLD profile by clicking on the Delete profile link and check the “I want to delete this profile and revoke all certificates assigned to it”:
- Click on the Delete Profile button. If successful, you will be presented with a success message showing the Job ID for the bulk revocation asynchronous task, which will run in the background. Once completed, the account Administrator will be notified via email:
If you have issues performing these steps, please contact DigiCert PKI Support.