Bulk Reissues and Extended Renewals

Customers affected by the upcoming distrust of Symantec, Geotrust, Thawte and RapidSSL certificates have a number of options prior to the September deadline to ease the reissue process.

Extended Renewal Periods

Instead of reissuing your certificate and then renewing it again in a few months you could instead choose to take advantage of the extended 210 day renewal window and renew the certificate instead.

If your certificate needs to be reissued prior to 13 September 2018 and has less than 210 days remaining you can instead renew your certificate and the remaining time (up to 210 days) will be added to the new certificate. To qualify you must purchase a 1 year certificate to replace a certificate that expires after 13 September 2018. The remaining time on the existing certificate will be added to the new replacement certificate up to a maximum validity period of 825 days (hence this only applies to 1 year certificates.

To take advantage of the Extended Renewal window simply purchase the certificates you require either from your reseller/bulk purchase account or via our website. Select the renewal option when providing your new CSR.

Bulk Re-issuance

If you have a number of certificates that need to be reissued we can assist with a bulk re-issuance.

The bulk re-issuance will use the original CSR you supplied when the order was placed. We will provide you with a CSV file containing all of your orders and an authentication string which should be either uploaded to the website root or added to the sites DNS depending on which option you choose. You must choose the same validation method for all orders being bulk re-issued.

Once re-issued the new certificates will be available via the order management pages and API. The certificates will match existing private keys on your system and you can simply replace existing certificates and intermediates.

Note for IIS users: The bulk re-issuance process is not suitable for IIS users. This is due to IIS being unable to import a certificate without either a matching private key or pending request. A work around is to export all certificates to PFX and then use OpenSSL to export the Private key from the PFX. You then generate a new PFX file using the new certificate and existing private key and re-import. This is only advised if you are competent in OpenSSL, IIS and certificate management.

To take advantage of our bulk re-issuance please submit a request to our Bulk Reissue Team

Related Articles