An SSL certificate requires a Public and Private key. The Private key is a critical component and it is stored in your Web server or SSL appliance and cannot be replaced by Symantec. Problems with the private key can include:
Lost Private Key
Note: All replacements (for any reason) are free of charge. If you are changing any information on the SSL certificate such as Common Name, Organization, etc. you are not eligible for a replacement and must enroll for a new certificate.
Watch Symantec’s Tutorial Videos for a more visual experience!
Note: If you are unable to view the video, please click here to go directly to the video source.
- Go to the Symantec Trust Center account.
- Enter the account Username and Password > click Sign In
Note: Click here if you do not remember the Username or Password.
- From the list, select the appropriate certificate to replace
- Under the Order summary tab, click Replace
- Generate a new Certificate Signing Request (CSR) from your Web server using the same information as the original certificate. This includes the following fields: Organization, Organizational Unit, Common Name, Country, City/Locality & State
Note: Click here for CSR generation instructions.
- Select Server Platform
- Paste the CSR contents into the text box and select the Signature hash algorithm by clicking Edit
- Click Submit CSR
Note: Typical processing time for a replacement certificate is 24 hours. You should receive a confirmation e-mail within an hour after enrolling for the certificate. For order status, please log into the Symantec Trust Center account.
Replacing an SSL certificate does not add the certificate to Certificate Revocation List (CRL) or immediately flag the certificate as revoked status through Online Certificate Status Protocol (OCSP) responder.
The previous issued certificate should be removed from the server or device. Once the latest replacement issued certificate confirmed working, you need to revoke the previous certificate. Click here for instructions to revoke a SSL certificate.