Renewing an AffirmTrust certificate using TM SSL/Deep Security for Web Apps
Article Number: 000070670
To ensure continuous security, do not let your certificates expire. When you renew a certificate, all of its information remains the same, except that the validity period is updated. You can only renew a certificate when it is within 90 days of its expiry date or after is expires. You can renew a certificate only once.
If the original certificate was an Organization Validated (OV) certificate, you will be re-issued an OV certificate. If the original certificate was an Extended Valdiation (EV) certificate, you will be re-issued an OV certificate, unless your account or one of the domains in the certificate request is no longer EV-validated. In that case, you will be re-issued an OV certificate.
To renew a certificate:
1. In the Deep Security for Web Apps console, go to the main Protection tab. In the left pane, click Certificates.
2. On the Certificates sub-tab, click the Common Name of the certificate that you want to renew.
3. Check the certificate details to make sure you have selected the correct certificate.
4. Click Renew.
5. On the Renew Certificate page, you can edit the following information:
- ?Organization Profile for which the certificate is being requested. Note that if you change the organization profile, the domains from the original certificate will need to be re-confirmed for the new organization, if they have not been already.
- Certificate Type, either EV or OV.
- Validity period of the certificate, either 1 or 2 years
- HASH algorithm used for the certificate signature
- For Deep Security for Web Apps: SHA-1 or SHA-2
- For TM SSL: SHA-1 or SHA-256
- You can also paste a new CSR in the Paste in CSR box.
6. On the Confirm Certificate Details page, In the Check/Modify Notifications area, specify who will receive notifications regarding this certificates (such as when it is issued, expiry warnings, and revocation notifications.) Click Continue.
7. If the Common Name or SANs list contains a new domain that has not been previously validated to the appropriate level (OV or EV), the Confirm Domain Control page appears, listing the new domains. Click Continue.Note:
- If the new domain must be confirmed at the OV level, the "Confirmation of Control for domain # of #" page appears. Select the email address where the domain ownership confirmation request will be sent. If none of the pre-populated email addresses is yours, select Manually Validate and the Trend Micro Web App Security vetting team will confirm the domain control manually. Click Continue. Repeat this step for each domain that you added.
- If the new domain must be confirmed at the EV level, you are not prompted to choose an email address because the domain must be manually validated by the Deep Security for Web Apps vetting team. Continue to the next step.
8. The Certificate Request Summary page appears, where you can review the request details before submitting the final certificate request. If the request is correct, click Approve.
9. A message appears, stating that the certificate request has been submitted and that a link to the new certificate will be sent to you shortly. Click OK to proceed.A notification about the renewal appears in the notifications list and is also emailed to the Primary Administrators for your account. On the Certificates tab, the old certificate is tagged as renewed so that you will not receive any more renewal notifications. The renewed certificate appears on the Certificates tab and has the status of “Pending”.
10. Install the renewed certificate on your server. For the procedure, refer to the following KB article: Installing SSL Certificates.
Support Hours of Operation:
Sunday 8PM ET to Friday 8PM ET