Skip to main content
banner image
venafi logo

Eliminating the Pain of Certificate Reissue, Renewal, and Revocation

Eliminating the Pain of Certificate Reissue, Renewal, and Revocation

Certificate Reissue, Renewal, and Revocation
October 4, 2018 | David Bisson

A user's control over a digital certificate begins when they purchase the electronic document from a Certificate Authority (CA). However, their jurisdiction doesn't end there. The user is also responsible for initiating the certificate renewal, reissue, and/or revocation processes.

Provided below is some information about each of these procedures:

  • Renewal: Certificate renewal is a process by which a user purchases a new certificate for the same public key used in an expiring certificate. Most SSL certificates expire a year after their purchase date. To maintain trust of web users, owners should plan on renewing their certificates within the last quarter of their current certificates' lifecycles. They can request a certificate renewal by generating a new certificate signing request (CSR) from their CA's hosting control panel. The CA will then process that request and complete the identify verification steps within the same amount of time that's required to handle a new certificate's CSR as long as the owner's domain, organization name, and other submitted pieces of information have not changed. At that point, the CA will send the certificate to the purchaser's certificate contact. It's then up to the owner to install and configure their new certificate before removing their old electronic document.
     
  • Reissue: Certificate reissuing (also known as re-keying) is a process by which a user generates a new private key and CSR for an existing certificate. As explained by DNSimple, users might need to proceed with the reissuing process if they lose or delete their private key, if they want to change any of their certificate information, or if they want to change the certificate's encryption level. Upon completion, the reissuing process produces a new digital certificate.
     
  • Revocation: Sometimes a certificate's private key becomes unsafe. Let's Encrypt notes this can happen if a user shares the key on a public website of if hackers steal the key off a company's servers. In cases such as these, the user might choose to revoke the certificate, a process which cancels the certificate and thereby removes the HTTPS connection from the owner's domain. It's then up to the user to purchase, install, and configure a new digital certificate.

It takes a lot of work for an organization to inventory the locations of each of its digital certificates. The effort needed to renew, reissue, and possibly revoke a certificate is even greater. As a result, if performed manually, the creation and renewal process can be time-consuming and error prone. Bad actors can leverage any mistakes to attack web users, damage the certificate owner's brand, and cost the company revenue.

To adequately manage their digital certificates, organizations need a solution that streamlines the renewal, reissue, and revocation processes. The Venafi Platform is one such tool. Customers can use the tool's REST-based API to initiate renewal, reissue, and/or revocation from a single portal. This centralization speeds up each of these certificate management processes, thereby minimizing the time during which an attacker could potentially cause harm. The Platform also automatically notifies owners when their certificates are about to expire.

Related posts

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Why Encryption Should Be the Next Step in Operationalizing GDPR Compliance

Why Encryption Should Be the Next Step in Operationalizing GDPR Compliance

Russia-Yandex Encryption Spat Highlights Trust as a Competitive Business Advantage

Russia-Yandex Encryption Spat Highlights Trust as a Competitive Business Advantage

https phishing, tls certificate, phishing scam

FBI Warns Users about Phishing Campaigns that Leverage HTTPS Websites

About the author

David Bisson
David Bisson

David Bisson writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat