An SSL certificate requires a public and a private key. The private key is a critical component: it is stored on your Web server or SSL appliance and cannot be replaced by Thawte. Problems with the private key can include:
- Lost Private Key
All replacements (for any reason) are free of charge. If you are changing any information on the SSL certificate, such as Common Name, Organization, etc., you are not eligible for a replacement and must enroll for a new certificate.
- Visit the Thawte Certificate Center (TCC) login page, enter the account username/password and click the 'Sign in' button.
- Select the certificate that needs to be replaced from the list, then click the Details tab below. Take note of the following fields:
  - Common Name
  - Organizational Unit
- Under the Status tab, click Replace
- Generate a new Certificate Signing Request (CSR) from your Web server using the same information as the original certificate. This includes the following fields: Organization, Organizational Unit, Common Name, Country, City/Locality & State
- Select Server Platform
- Paste the CSR contents into the text box
- Click Continue
- Agree to the Subscriber Agreement > click Submit
- A confirmation screen with the new order number and certificate validity details will appear. Click the 'Go to Certificate Center' button to return to the Thawte Certificate Center (TCC) to review the status of the certificate reissue.
Note: If your SSL certificate contains Subject Alternative Name (SAN) entries, you cannot add or remove SAN values during a replacement; doing so causes an error to be displayed. You must revoke the current certificate and request a new one with the updated SAN values.
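The CSR step and the SAN note above both require the new request to mirror the current certificate. The following shell functions are an added example, not Thawte's own tooling: they read the subject and SAN list from the installed certificate with OpenSSL, generate a fresh key and CSR from them, and check the result before it is pasted into the TCC. The function names, the 2048-bit RSA key size and the use of OpenSSL 1.1.1 or later (for `-addext`) are assumptions.

```shell
#!/bin/sh
# Added example: build a replacement CSR that mirrors the current certificate.
# Limitation: subject values that themselves contain "/" are not handled.

# Subject as one "/C=../CN=.." line. $1 = x509 (certificate) or req (CSR), $2 = PEM file.
subject_of() {
  openssl "$1" -in "$2" -noout -subject -nameopt compat | sed 's/^subject= *//'
}

# SAN list as "DNS:a, DNS:b"; prints nothing when the extension is absent.
san_of() {
  openssl "$1" -in "$2" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n +2 |
    sed -e 's/^ *//' -e 's/ *$//' -e 's/IP Address:/IP:/g'
}

# $1 = current certificate, $2 = new private key (output), $3 = new CSR (output)
make_replacement_csr() {
  subj=$(subject_of x509 "$1")
  san=$(san_of x509 "$1")
  (
    umask 077   # the new private key must not be readable by other users
    if [ -n "$san" ]; then
      openssl req -new -newkey rsa:2048 -nodes -keyout "$2" -out "$3" \
        -subj "$subj" -addext "subjectAltName=$san"
    else
      openssl req -new -newkey rsa:2048 -nodes -keyout "$2" -out "$3" -subj "$subj"
    fi
  )
}

# Succeeds only when the CSR's subject and SAN list equal the certificate's
# and the CSR's self-signature verifies. $1 = certificate, $2 = CSR.
csr_matches_cert() {
  [ "$(subject_of x509 "$1")" = "$(subject_of req "$2")" ] &&
    [ "$(san_of x509 "$1")" = "$(san_of req "$2")" ] &&
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Succeeds when the CSR carries a different public key than the certificate,
# which is what a replacement after a lost private key should show.
csr_has_new_key() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" != "$(openssl req -in "$2" -noout -pubkey)" ]
}

# Usage: make_replacement_csr current.pem new.key new.csr &&
#        csr_matches_cert current.pem new.csr && csr_has_new_key current.pem new.csr
```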
Replacing an SSL certificate does not add the certificate to the Certificate Revocation List (CRL) or immediately flag the certificate as revoked through the Online Certificate Status Protocol (OCSP) responder.
The previously issued certificate should be removed from the server or device. Once the latest replacement certificate is confirmed working, you need to revoke the previous certificate. To revoke an SSL certificate immediately, refer to this solution.