Reissuance

Overview

This process allows customers replace previously issued SSL Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet.[1] TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity. Certificates. The following are examples of when reissuance would be relevant:

Private Key The SSL Key, also known as a Private Key, is the secret key associated with your SSL certificate and should reside securely on your web server. When you create a CSR your web server will also create a SSL Key. When your SSL certificate has been issued, you will need to install the SSL certificate onto your web server - which effectively marries the SSL certificate to the SSL key. As the SSL key is only ever used by the web server it is a means of proving that the web server can legitimately use the SSL certificate. If you do not have, or lose either the SSL Key or the SSL certificate then you will no longer be able to use SSL on your web server. file loss.
Private Key The SSL Key, also known as a Private Key, is the secret key associated with your SSL certificate and should reside securely on your web server. When you create a CSR your web server will also create a SSL Key. When your SSL certificate has been issued, you will need to install the SSL certificate onto your web server - which effectively marries the SSL certificate to the SSL key. As the SSL key is only ever used by the web server it is a means of proving that the web server can legitimately use the SSL certificate. If you do not have, or lose either the SSL Key or the SSL certificate then you will no longer be able to use SSL on your web server. pass phrase loss.
Private Key file has been compromised due to the server being hacked.
Server software platform has been replaced or upgraded
Moving to a different ISP or Hosting Company.
If your Organizational Unit (Business) changes

You cannot utilize reissuance in the following cases:

Your Company Name changes
Your Common Name The Common Name (CN) is the fully qualified domain name of the Web server that will receive the certificate (e.g. www.yourdomain.ca or webmail.yourdomain.ca). (Domain Name A domain name is an identification string that defines a realm of administrative autonomy, authority, or control on the Internet. Domain names are formed by the rules and procedures of the Domain Name System (DNS).) changes
Your Province/State/Locality/Country changes

In the above cases, a brand new Certificate purchase is required. This is necessary because the existing Validation information for the original certificate is no longer valid, and the Validation process must be undertaken once again.

Reissuance Process

To reissue your SSL certificate:

Log in to your Webnames.ca account.
Navigate to My Account> Manage > SSL Certificates
View the Issued certificates within your account , and click on the certificate name you wish to reissue
Click the Reissue button

Within the subsequent Reissue section, select the following as necessary:

Used Stored CSR Key: If no aspects of your web hosting or Admin contact details have changed, it is likely more convenient to re-use the same CSR Key as was previously used. Conversely if there has been a change to your web hosting and/or Admin contact details, you'll want to generated a new CSR. If in doubt, there is no harm in always using a new CSR Key. See also: "Step One: Generating a CSR key"
Domain Validation: Select your preferred method of confirming ownership and control of the domain name. See also: Domain Validated Certificates

Notice of Deprecation: Email Address for DCV SSL Certificate SSL Certificates are created for a particular server and domain, and are issued by trusted, third-party Certificate Authority (CA) - comparable to your passport. As the Certification Authority, the SSL Certificate vendor authenticates the identity of the purchaser and verifies the business that owns the domain. Verification

Please note this important change in the domain control validation (DCV) process for SSL/TLS The Transport Layer Security protocol aims primarily to provide privacy and data integrity between two communicating computer applications.[1]:3 When secured by TLS, connections between a client (e.g., a web browser or email program) and a server (website or email server) are private (or secure), authenticated, and unaltered. certificates. Effective January 15, 2025, the use of email addresses obtained via WHOIS WHOIS (pronounced as the phrase who is) is a query and response protocol that is widely used for querying databases that store the registered users of domain names, for DCV will be deprecated. This change is in compliance with the CA/Browser Forum's Ballot SC-80v3, which mandates the discontinuation of WHOIS-based email DCV methods.

Deprecation Date: Starting January 15, 2025, email addresses from WHOIS lookups will no longer be accepted for DCV.

Alternative Methods: Constructed/generic email addresses (e.g. admin@ hostmaster@ etc) will continue to be available for use, however we recommend transitioning to alternative DCV methods such as DNS The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. A Domain Name Service resolves queries for these names into IP addresses for the purpose of locating computer services and devices worldwide. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet. TXT records.

Existing Validations: Existing domain validations using WHOIS email addresses will remain valid until July 15, 2025, but must be re-validated using non-WHOIS methods before this date.

Impact: Failure to re-validate domains using accepted methods will result in the inability to issue or renew SSL/TLS certificates.

Hash Algorithm: Select the desired Algorithm (SHA 2-256 being the current standard)
Subject Alternative Names: For Multi-Domain certificates with available SAN The Subject Alternative Names (SAN) extension allows one SSL certificate to be used to secure one Web server with multiple names (such as a different DNS name, IP address or URI). licenses purchased, provide additional and/or updated SANs

Click Submit to send the reissuance order to the certificate authority.
Reissued certificates are then subject to the following steps, similar to that of a newly configured certificate: