Issuance Insurance is the ability to reissue your certificate an unlimited amount of times, completely free of charge. Your SSL Certificate will be reissued with any existing validity that is remaining. Although Issuance Insurance comes free with most of the certificates at Trustico®, you need to ensure your product includes Issuance Insurance otherwise you will need purchase it during the initial ordering process to be eligible for a replacement SSL Certificate. If your order does not include it and you unexpectedly lose your SSL Certificate or Private Key you may be required to purchase the full priced product again.
Why you may need Issuance Insurance.
Reissuing your certificate can be extremely useful for several reasons, just to name a few;
- If you lose your private key, you will be required to regenerate a new CSR to get a new private key. You will then need to use issuance insurance to reissue your SSL certificate so it corresponds with the newly generated private key, and can be installed successfully.
- For certificates that were generated before 2016 and are still in SHA-1. Using issuance insurance with a CSR generated in 2048 bit will update your certificate to SHA-2 encryption.
- For certificates that were initially generated on a server and mid way through the certificate life, the servers are required to be changed. Usually, you will not be able to use an SSL certificate that has had its CSR generated on one server, to then install onto a different server. A new CSR should be generated and a new SSL reissued and installed.
- If you are required to install the one certificate onto several different servers that all require the CSR to be generated within the server itself. You will need to use issuance insurance to issue several copies of the same SSL certificate using the different server generated CSR’s.
How to use Issuance Insurance.
1. First things first, to use issuance insurance you will need to create a new CSR. You can do this on your Web Server or using the ‘CSR Generator‘ on the Trustico® Website. If you do not require the CSR to be generated on your server, we recommend using our online tool.
2. To use the CSR generator, visit the following page and input all of the required information and click submit for processing. The information will need to be identical to that used previously. Please login into your Trustico account and view the “Domain Details” tab to see your current CSR information. If you are generating the CSR on your server, you will need to research into how to do that.
3. Once you have clicked “Submit for processing” 2 sets of text will be generated. Your CSR and Private Key. Copy and paste both of these into a plain text file saved to a safe spot on your computer. You will need your CSR for the next part of the reinsurance process. You will need you new Private Key to install the reissued SSL.
4. Once you have your CSR ready, log into your Trustico account and view the order you would like to issue. You should see a ” Reissue Certificate ” tab on the far right. Click that.
5. On this page you will need to copy the new CSR you have just generated and saved, and paste it into the box where it says “Please Enter Your CSR Details. If there is a CSR already in there, delete it. When pasting in the CSR you will need to make sure that is contains “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” lines exactly as in the example below.
Select a recipient email address and press the ‘Reissue Order’ button at the bottom of the page. The recipient email address is where the new certificate will be sent to once it has been issued.
The next step is determined by the type of certificate you have; either a DV, OV or EV.
- DV – For a Domain Validated Certificate you are required to re complete the Approval Email validation.
- OV – Generally there is nothing required after using issuance insurance with an Organisation Validated Certificate. However it can take up to 24 hours to be re issued.
- EV – For an Extended Validated Certificate you are required to re complete the Domain Rights Confirmation email. A telephone call may also be required to confirm the re issuance with the corporate contact.
After one of three requirements have been completed. The new certificate will be available from within your account along with the Intermediate Certificate. You will need to use the Private Key that you have saved on your computer with the SSL and Intermediate when installing or converting into the appropriate format.
Take note; the Private key will not update and the old one will NOT work. You must use your new Private key that was created at the same time you generated the new CSR .
