Entrust Certificate Services Support Knowledge Base

Audience: General
Last Modified: 2009-09-03 10:44:10.0

TN 7882 - How to renew your Entrust SSL Certificate

30 days prior to expiration of your SSL certificate, you will receive an e-mail from Entrust, reminding you to renew it. You will receive another reminder 10 days prior to certificate expiration.

Note: Only the contacts on the original order will receive this e-mail. 

The renewal process consists of 4 main steps:

 

- Generating your CSR for the renewal

- Placing your order on our site

- Validating your order

- Installing the Certificate

 

Generate your CSR:

For your renewal, you must create a new CSR. For a guide on generating your CSR, you can contact Entrust Support or look at the Entrust installation guides by selecting the appropriate server type:

 

http://www.entrust.net/ssl-technical/webserver.cfm

 

1 - Place an Order on Entrust.com, using one of these methods.

- Click the renewal link in your expiration e-mail.

 

- In your browser, navigate to https://buy.entrust.net/ and select the Renew tab.

 

2 - Select your certificate type and desired lifetime and click Order. The Order button is below the price total.

Note: You do not need to log in to renew your certificate.

 

3 – Enter the Domain and Passphrase. The domain is the Common Name (CN) Value on the original certificate. The passphrase was created by the person who placed the original order.

 

 

 

 

If you do not recall your passphrase, you can have it sent to you by click Retrieve Passphrase.

Note: The email address that you enter here must be the same one associated with the original order. If you cannot retrieve your passphrase, you may have used a different email address. In this case, contact ECS Support.

 

4 – Paste in your CSR and specify a new passphrase. The passphrase must meet the password requirements.

 

If you are ordering an Advantage SSL Certificate, make sure that you specify the Subject Alternative name in Subject Alt Name.

 

 

 

 

5 – The next screen confirms the contents of your certificate request.

If this is the wrong request, you can change it by clicking Replace. Your request will indicate that it is either valid or invalid. If your request is invalid, it may be missing one of the required fields or could be using a key bit length that is too short. If you are getting errors regarding your CSR, contact ECS Support for assistance.

 

6 – When renewing your certificate, if you logged in using your ID and password, your previous contact information may be pre-populated into your order.

 

If you need to change any of this contact information, click Edit.

 

7 - When adding contacts, you must fill in all of the required fields and then set this person as the Authorizing Contact, Technical Contact, or Billing Contact.

8 - To add this contact information, click Add.

 

Please make sure that the Authorizing and Technical contacts are two separate individuals for validation purposes.

 

Once you have all three contacts listed, you can proceed to the final step.

 

 

 

9 – In the last step of the renewal, you will provide payment via credit card. Choose your credit card type, and enter the credit card number and expiry date.

 

10 - The Entrust order system will check the address of the Billing Contact to check whether it matches the address associated with the credit card. If the billing contact address that you have entered in the previous step is not the address associated with the credit card, select No when you prompted with, Does the Billing Address of this card match the Billing contact for this order?

 

11 - Enter the correct address and click Process Order.

 

 

 

Once your order has been processed, our verification team will start validating the information on your order.

 

Validating your order

 

The Validation Process consists of 3 main checks for our regular SSL certificates (everything except for the Extended Validation Certificates):

 

1 – Business check: Validate the business name and address, and make sure it is an active and legal entity.

2 – Domain check: Check the Whois record to confirm domain ownership of the domain being requested.

3 – Employment check: Confirm that the contacts requesting the certificate are employed with the organization. This is done using a contact check from a third party telephone number.

 

Once these checks have been completed, your certificate is sent to you by email.

 

Installating the Certificate

 

After the certificate pickup link has been sent to you, you must install the new certificate on the server. Use the installation instructions on the certificate pickup page by selecting your server from the dropdown list.