
Eliminating the Pain of Certificate Reissue, Renewal, and Revocation

October 4, 2018 | David Bisson

A user's control over a digital certificate begins when they purchase the electronic document from a Certificate Authority (CA). However, their jurisdiction doesn't end there. The user is also responsible for initiating the certificate renewal, reissue, and/or revocation processes.

Provided below is some information about each of these procedures:

  • Renewal: Certificate renewal is a process by which a user purchases a new certificate for the same public key used in an expiring certificate. Most SSL certificates expire a year after their purchase date. To maintain the trust of web users, owners should plan on renewing their certificates within the last quarter of their current certificates' lifecycles. They can request a certificate renewal by generating a new certificate signing request (CSR) from their CA's hosting control panel. The CA will then process that request and complete the identity verification steps within the same amount of time that's required to handle a new certificate's CSR as long as the owner's domain, organization name, and other submitted pieces of information have not changed. At that point, the CA will send the certificate to the purchaser's certificate contact. It's then up to the owner to install and configure their new certificate before removing their old electronic document.
  • Reissue: Certificate reissuing (also known as re-keying) is a process by which a user generates a new private key and CSR for an existing certificate. As explained by DNSimple, users might need to proceed with the reissuing process if they lose or delete their private key, if they want to change any of their certificate information, or if they want to change the certificate's encryption level. Upon completion, the reissuing process produces a new digital certificate.
  • Revocation: Sometimes a certificate's private key becomes unsafe. Let's Encrypt notes this can happen if a user shares the key on a public website or if hackers steal the key from a company's servers. In cases such as these, the user might choose to revoke the certificate, a process that cancels the certificate and thereby removes the HTTPS connection from the owner's domain. It's then up to the user to purchase, install, and configure a new digital certificate.
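The last-quarter renewal guidance in the Renewal item above, as an added example (not part of the original post and not Venafi's code): it parses the output of `openssl x509 -noout -subject -dates` and flags certificates that have entered the final quarter of their validity period or have already expired. The hostnames and dates in the sample inventory are constructed, and the function names are hypothetical.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample: `openssl x509 -noout -subject -dates` output for three
# hypothetical certificates, concatenated into one inventory dump.
SAMPLE_INVENTORY = """\
subject=CN = www.example.test
notBefore=Jan  1 00:00:00 2018 GMT
notAfter=Jan  1 00:00:00 2019 GMT
subject=CN = api.example.test
notBefore=Jun  1 00:00:00 2018 GMT
notAfter=Jun  1 00:00:00 2019 GMT
subject=CN = old.example.test
notBefore=Sep  1 00:00:00 2017 GMT
notAfter=Sep  1 00:00:00 2018 GMT
"""

def parse_inventory(text):
    """Return [(subject, not_before, not_after)] with epoch-second timestamps."""
    records, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue  # skip lines that are not key=value
        current[key.strip()] = value.strip()
        if {"subject", "notBefore", "notAfter"} <= current.keys():
            records.append((current["subject"],
                            ssl.cert_time_to_seconds(current["notBefore"]),
                            ssl.cert_time_to_seconds(current["notAfter"])))
            current = {}
    return records

def renewal_status(not_before, not_after, now):
    """Classify one certificate against the last-quarter renewal window."""
    if now >= not_after:
        return "expired"
    if now < not_before:
        return "not-yet-valid"
    # The renewal window opens when three quarters of the lifetime have elapsed.
    window_start = not_after - (not_after - not_before) / 4
    return "renew-now" if now >= window_start else "ok"

def audit(text, now):
    """Map each subject in the inventory dump to its renewal status."""
    return {s: renewal_status(nb, na, now) for s, nb, na in parse_inventory(text)}

if __name__ == "__main__":
    as_of = datetime(2018, 10, 4, tzinfo=timezone.utc).timestamp()
    for subject, status in audit(SAMPLE_INVENTORY, as_of).items():
        print(f"{status:10} {subject}")
```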

It takes a lot of work for an organization to inventory the locations of each of its digital certificates. The effort needed to renew, reissue, and possibly revoke a certificate is even greater. As a result, if performed manually, the creation and renewal process can be time-consuming and error-prone. Bad actors can leverage any mistakes to attack web users, damage the certificate owner's brand, and cost the company revenue.

To adequately manage their digital certificates, organizations need a solution that streamlines the renewal, reissue, and revocation processes for machine identities. Optimized for machine identity management, the Venafi Trust Protection Platform is one such tool. Customers can use the tool's REST-based API to initiate renewal, reissue, and/or revocation from a single portal. This centralization speeds up each of these certificate management processes, thereby minimizing the time during which an attacker could potentially cause harm. The Platform also automatically notifies owners when their certificates are about to expire.

About the author

David Bisson

David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.
