- You wish to switch to SHA256 from SHA1 signatures
- The machine on which your existing certificate is installed is corrupted, hacked, crashes or is physically destroyed.
- The original certificate had the wrong server name on it (e.g. www.example.co.uk rather than secure.example.co.uk). Note that this does not apply if the wrong domain name was used (e.g. www.example.com rather than www.example.co.uk) unless your certificate was a fully-authenticated certificate and was issued less than 30 days ago.
- You have ordered the certificate for the wrong software.
- You are moving hosting companies and the old hosting company will not release the private key or password to you.
- You have lost or forgotten the password which allows access to the certificate on your machine.
- The original certificate has been otherwise lost, corrupted or rendered unusable.
How to reissue SSL certificates
N.B. Re-issuing a cert will revoke the existing cert within a couple of hours of issue, thus making the existing cert invalid. Therefore, you must update the certificate on all servers using it.
N.B. (2) Do NOT revoke the cert yourself before starting the reissue process. If you do, you will not be able to reissue the cert without manual intervention
- Generate a new CSR from a new private key. The new CSR must have the same details as the original
- Visit Thawte end-user portal
- Enter domain name
- Enter the email address used for the corporate contact or technical contact
- Enter the digits and click Continue
- Click Request access alongside the correct version of the certificate
- You will be sent an email with a link granting you access to the certificate management
- Click on Reissue Certificate on the left
- Change the certificate type to 'SHA256 cert and root' from the pull down menu
- Copy and paste the CSR into the Certificate Signing Request box
- When you are ready, tick I agree to this SSL Certificate Subscriber Agreement and click Submit
- For domain-validated certs the approval contact will be sent a new approval email. Click on the approval link in the email
- Click I approve on the approval page that opens
- Wait for the new certificate to be emailed
- Install as appropriate