How to Reissue Your Symantec Affected Orders on

Re-issue Reasons

Over the course of your SSL certificate's lifespan, it may be necessary for you to reissue it at some point. This can happen for a number of reasons:

  • Your private key has been compromised
  • You are adding/removing SAN's
  • Industry updates
  • Changing hashing algorithms
  • Moving servers

The good news is that, outside of time, it probably won't cost you anything—most SSL certificates come with unlimited free reissuances for their entire lifespan. Below you will find instructions on how to reissue your active certificate(s) from your SSL providers control panel.

1. Generate CSR

Before you re-issue your SSL Certificate, make sure that you have the appropriate CSR. For that, you may use either one of the following:

  • Original CSR- this is the old CSR you used to issue the certificate previously (note: only do this if you still have access to the Private Key that was generated with that CSR). 
  • New CSR- create a new CSR using either an online tool or directly from your webserver (recommended – you can find instructions on how to generate a new CSR on your server here).

Note: If you generate a new CSR, make sure you save your Private key in a safe place. You will need it to install the re-validated certificate later.

2. Login at

Click the Log In button on the top right and enter your e-mail address and password.

3. Locate Orders That Need to be Re-Issued

Select Symantec Replacement Orders in the left-nav bar of the Dashboard.

4. View your Symantec Replacement Orders and Select "Reissue" an Order

You can view all your orders that will need to be re-issued under the "Symantec Replacement Orders" tab, along with the deadline and action you need to take. Select "Reissue" on one of the orders to get started.

5. DCV Method

Select the appropriate method to verify domain control. Because this will be a re-issue, you can only select the same method as you used previously

6. Enter CSR

Copy and paste your CSR into the area indicated.

7. Select Server Type

If you don't know the kind of server the certificate will be installed on, just select Other.

8. Signature Algorithm

The Signature Algorithm dictates whether your certificate chain will be fully SHA2 (FULL SHA-2) or SHA-2 with a SHA-1 root (SHA-2). Since most devices have adopted SHA-2 encryption, either selection should work for you.

9. Verify CSR Details

Confirm the details from your CSR are correct.

10. Select approver e-mail (E-mail DCV Only)

If you originally selected e-mail-based verification, you will need to specify which e-mail address you would like the domain control validation e-mail sent to.

11. Submit Re-issue Request

Click the Submit button to complete the re-issue request.

12. Re-Validate

When you request a certificate to be re-issued, the issuing certificate authority must go through the validation process again. The good news is that they were already able to complete this process for your order previously, so re-validation typically goes very quickly and smoothly. However, if you are reissuing a type of certificate that requires a final verification call (OV or EV), the CA will need to perform that call again. Keep an ear out for that call, if you don't receive it within 24 hours, contact support.

After you complete the validation process and have received the reissued SSL Certificate, you can proceed to installing the new certificate. You can find instructions on installing SSL on different servers on our Installation page.