Reissuance

Overview

This process allows customers replace previously issued SSL Certificates. The following are examples of when reissuance would be relevant:

• Private Key The SSL Key, also known as a Private Key, is the secret key associated with your SSL certificate and should reside securely on your web server. When you create a CSR your web server will also create a SSL Key. When your SSL certificate has been issued, you will need to install the SSL certificate onto your web server - which effectively marries the SSL certificate to the SSL key. As the SSL key is only ever used by the web server it is a means of proving that the web server can legitimately use the SSL certificate. If you do not have, or lose either the SSL Key or the SSL certificate then you will no longer be able to use SSL on your web server. file loss.
• Private Key pass phrase loss.
• Private Key file has been compromised due to the server being hacked.
• Server software platform has been replaced or upgraded
• Moving to a different ISP or Hosting Company.
• If your Organizational Unit (Business) changes

You cannot utilize reissuance in the following cases:

• Your Company Name changes
• Your Common Name (Domain Name) changes
• Your Province/State/Locality/Country changes

In the above cases, a brand new Certificate purchase is required. This is necessary because the existing Validation information for the original certificate is no longer valid, and the Validation process must be undertaken once again.

Reissuance Process

To reissue your SSL certificate:

1. Log in to your Webnames.ca account.
2. Navigate to My Account> Manage > SSL Certificates
3. View the Issued certificates within your account , and click on the certificate name you wish to reissue
4. Click the Reissue button

 Within the subsequent Reissue section, select the following as necessary:

• Used Stored CSR Key: If no aspects of your web hosting or Admin contact details have changed, it is likely more convenient to re-use the same CSR Key as was previously used. Conversely if there has been a change to your web hosting and/or Admin contact details, you'll want to generated a new CSR. If in doubt, there is no harm in always using a new CSR Key. See also: "Step One: Generating a CSR key"
• Domain Validation: Select your preferred method of confirming ownership and control of the domain name. See also: Domain Validated Certificates

Notice of Deprecation: Email Address for DCV SSL Certificate Verification Please note this important change in the domain control validation (DCV) process for SSL/TLS certificates. Effective January 15, 2025, the use of email addresses obtained via WHOIS for DCV will be deprecated. This change is in compliance with the CA/Browser Forum's Ballot SC-80v3, which mandates the discontinuation of WHOIS-based email DCV methods. Deprecation Date: Starting January 15, 2025, email addresses from WHOIS lookups will no longer be accepted for DCV. Alternative Methods: Constructed/generic email addresses (e.g. admin@ hostmaster@ etc) will continue to be available for use, however we recommend transitioning to alternative DCV methods such as DNS TXT records. Existing Validations: Existing domain validations using WHOIS email addresses will remain valid until July 15, 2025, but must be re-validated using non-WHOIS methods before this date. Impact: Failure to re-validate domains using accepted methods will result in the inability to issue or renew SSL/TLS certificates.

• Hash Algorithm: Select the desired Algorithm (SHA 2-256 being the current standard)
• Subject Alternative Names: For Multi-Domain certificates with available SAN licenses purchased, provide additional and/or updated SANs

5. Click Submit to send the reissuance order to the certificate authority.
6. Reissued certificates are then subject to the following steps, similar to that of a newly configured certificate:
   • See also: Approval and Validation
   • See also: Issuance
   • See also: Installation