Why you might have a certificate reissued as SHA2
Google and Microsoft initiatives have prompted the web industry to update the SSL certificate security standard. As a result, someone using Chrome or Internet Explorer will get a warning when they visit a site that uses an SHA1 generated security certificate.
To prevent your customers from seeing these warnings, you will need to reissue your certificate as SHA2.
Where to go
When requesting a reissue, the same contacts and domain name associated with the original SSL Certificate must be used for the new SSL Certificate. To get a reissue on an SSL Certificate, go to the SSL certificate provider's site:
- Symantec: https://products.websecurity.symantec.com/orders/orderinformation/authentication.do
- thawte: https://products.thawte.com/orders/orderinformation/authentication.do
- Trustwave: https://ssl.trustwave.com/controlcenter/login.php
Comodo certificates are reissued through OpenSRS. To start that process just send us an email at email@example.com.
You will need to provide us with the following information:
- Domain name on the certificate
- Supplier order ID
- CSR (Certificate Signing Request)
- NOTE: The CSR does not have to be generated using the SHA2 hash; you can use the same CSR that was used to last issue/reissue the certificate.
- Message stating you wish to reissue the certificate using SHA2
We will then reissue the certificates with Comodo on your behalf. Please allow 1-3 business days for these to be processed.
What you need
For all suppliers except Comodo, you must have the following information on-hand in order to reissue your SSL certificate:
For GeoTrust, Symantec and thawte:
- Domain or subdomain name - The domain for which the original SSL certificate was issued
- Email address - an email address used on the original order
- Order ID - this corresponds to the Supplier Order ID in your Reseller Control Panel
- To find the Supplier Order ID, go to Trust > the specific SSL Order > Status > Supplier Order ID
- Username and password
- The Admin contact email address you used to set up your SSL certificate
How to get your SSL certificate reissued
1. To log in:
- Enter the domain name OR order ID
- NOTE: The order ID corresponds to theSupplier Order ID listed in your Reseller Control Panel
- Enter one of the email addresses you used on your order
- In the Image number field, enter the number in the box below
2. Click Request Access; this will prompt the system to send you an email with the vendor login url.
3. Check your email and click on the vendor login url. You will see the following control panel.
Click the Reissue Certificate link in the top left menu.
4. In the Hashing Algorithm drop-down menu, select SHA2 with a 256-bit Digest (or reissue it with SHA1, if required).
Then enter your CSR in the provided field. This can be the existing CSR (SHA1 or 2) or a new CSR.
Lastly, review and agree to theSubscriber Agreement and then click Submit.
5. When the information is submitted, an approval email will be sent to the Domain Approver email address. Once approval is granted the certificate will be sent to the Tech Contact email address.