How to reissue an AffirmTrust certificate using using TM SSL/Deep Security for Web Apps

Article Number: 000070669

User-added image
If you encounter issues with a certificate, you may need to re-issue the certificate with a new CSR and reinstall it on your server.

You may also re-issue a certificate so that you can use it on multiple servers that have the same Common Name (for when you are doing load balancing). When you re-issue a certificate, all of the fields in the CSR are set to the default values.

To re-issue a certificate using TM SSL/Deep Security for Web Apps:

1. Generate a new CSR on your server. For the procedure, refer to the following article: Create a CSR.

2. Open the CSR file in a text editor and copy the text, including the BEGIN and END tags.

3. In the Web App Security console, go to the main Protection tab. In the left pane, click Certificates.

4. On the Certificates sub-tab, click the Common Name of the certificate that you want to re-issue.

5. Check the certificate details to make sure you have selected the correct certificate.

6. Click Re-issue.

7. On the Re-Issue Certificate page, paste the text of the CSR file in the Paste in CSR box. You can also edit the following information obtained from the previous version of the certificate:?

  • Organization Profile for which the certificate is being requested.Note: If you change the organization profile, the domains from the original certificate will need to be confirmed for the new organization, if they have not been already.

  • Certificate Type, either EV or OV.

  • Validity period of the certificate, either 1 or 2 years

  • HASH algorithmused for the certificate signature

    • For Deep Security for Web Apps: SHA-1 or SHA-2

    • For TM SSL: SHA-1 or SHA-256

Click Continue.

8. On the Confirm Certificate Details page, In the Check/Modify Notifications area, specify who will receive notifications regarding this certificates (such as when it is issued, expiry warnings, and revocation notifications.) Click Continue.

9. If the Common Name or SANs list contains a new domain that has not been previously validated to the appropriate level (OV or EV), the Confirm Domain Control page appears listing the new domains, click Continue.


  • If the new domain must be confirmed at the OV level, the "Confirmation of Control for domain # of #" page appears. Select the email address where the domain ownership confirmation request will be sent. If none of the pre-populated email addresses is yours, select Manually Validate and the Trend Micro Web App Security vetting team will confirm the domain control manually. Click Continue. Repeat this step for each domain that you added.

  • If the new domain must be confirmed at the EV level, you are not prompted to choose an email address because the domain must be manually validated by the Trend Micro Web App Security vetting team. Continue to the next step.

10. The Certificate Request Summary page appears. Review the request details before submitting the final certificate request. If the request is correct, click Approve and then click OK on the confirmation message that appears. Otherwise, click Back to edit the request or click Cancel to discard it.If you have Approver permission, the new certificate order appears in the list on the Certificates tab, with a status of "Pending".

If you do not have Approver permission, the certificate order appears in the list on the Certificates tab, with a status of "Approve". The certificate request will need to be approved before it can change to a "Pending" status.

When the certificate is ready for use, its status will change to "Issued".

Support Hours of Operation: 
Sunday 8PM ET to Friday 8PM ET
[email protected]