Frequently Asked Questions

Help Center Search

What does it mean to re-key a certificate?

Print this Article
Last Updated: December 10, 2008 3:15 PM

Re-keying is the process of replacing an existing SSL certificate.

WARNING! Do not revoke your certificate without first speaking with customer support. Once a certificate is revoked it is gone. You cannot re-key a revoked certificate.

NOTE: The original certificate is automatically deactivated when the new one is issued. It is not necessary to request revocation of the old certificate.

Consider re-keying an SSL certificate if any of the following situations occur:

  • Loss of your private key
  • Compromise of your private key
  • Changing hosting providers
  • Changing the server the certificate is installed on
  • Recovering from a server crash

NOTE: The Distinguished Name (DN) in the replacement SSL certificate must be identical to the Distinguished Name in the SSL Certificate that is being re-keyed. The Common Name, Organization Name, Locality, State/Province, and Country — as entered in the Certificate Signing Request (CSR) — must be the same in both of the certificates. Certificate holders can have their certificates re-keyed at no expense.

NOTE: If you are moving your SSL certificate to a new server, if your server has crashed, or if you have lost your private key, you will want to re-key your SSL certificate not revoke it. For information on how to re-key your certificate see Re-key an SSL Certificate.