Halaman ini belum tersedia dalam bahasa lokal Anda. Kami berusaha keras untuk menambahkan lebih banyak versi bahasa. Terima kasih atas dukungan Anda.

Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive
On this page

Reissuing an SSL Certificate

Updated on 2024-12-13 GMT+08:00

Reissuing an SSL certificate is a process in which a user needs to obtain a new certificate to replace the original certificate when the SSL certificate is still valid. Generally, you need to re-issue the SSL certificate in the following scenarios:

  • Key leakage or loss: If the key of a website is disclosed or lost, you are advised to issue a new SSL certificate to ensure website security.
  • Changing the domain name: If the domain name of a website is changed, the original SSL certificate is no longer applicable. You need to issue a new SSL certificate to match the new domain name.
  • Incorrect certificate configuration: If the configuration information (for example, the domain name or organization information) is incorrect when you apply for an SSL certificate, you need to re-issue the SSL certificate.

Prerequisites

  • The certificate is in the Issued state.
  • The certificate is a single-domain or wildcard-domain certificate.

Constraints

  • Free certificates, multi-domain certificates, and revoked certificates cannot be reissued.
  • An issued certificate can be reissued within a specified period. The period varies depending on domain type and CAs. The following describes the period given by some CAs:
    • DigiCert and GeoTrust: 25 days.
  • There is no limit on how many times you can apply for reissues of a single-domain or wildcard-domain certificate only when the reissue is requested within the specified period. This period varies depending on CAs.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane on the left, choose SSL Certificate Manager > SSL Certificates.
  4. In the Operation column of the target certificate, choose More > Reissue, as shown in the Figure 1.

    Figure 1 Reissuing an SSL certificate
    NOTE:

    If the reissue button disappears or the reissue failed, check the following items:

    • Certificate status. The certificate you want to reissue must have been issued. If the certificate is not issued, it cannot be reissued.
    • Certificate type. Free certificates and multi-domain certificates cannot be reissued.
    • Certificate CA. If your certificate was issued by GlobalSign, a reissue can only be initiated within 5 days after the certificate was issued.
    • Certificate CA. If your certificate was issued by DigiCert, GeoTrust, CFCA, TrustAsia, or vTrus, a reissue can only be initiated within 25 days after the certificate was issued.

  5. To change the domain name for a certificate, perform operations by referring to Table 1. You can also modify the company contact or authorizer information.

    Figure 2 Reissuing a certificate
    Table 1 Domain name parameters

    Parameter

    Description

    Example Value

    CSR

    To obtain an SSL certificate, a Certificate Signing Request (CSR) file needs to be submitted to the CA for review. A CSR contains a public key and a distinguished name (DN). Typically, a CSR is generated by a web server. A pair of public and private keys are created along with the CSR.

    Options:
    • System generated CSR: The system automatically generates a certificate private key. Once the certificate is issued, you can download your certificate and private key on the certificate management page.
    • You manually generate a CSR file and paste the content of the CSR file into the text box. For more details, see How Do I Make a CSR File?

    You are advised to select System generated CSR to avoid approval failure caused by incorrect content. For details about the differences between the two types of certificate request files, see What Are the Differences Between the CSR Generated by the System and the CSR Made by Yourself?

    System generated CSR

    Domain Name

    This parameter is displayed when you purchase a single-domain or wildcard-domain certificate.

    • If you select Upload a CSR for CSR, the domain name is automatically parsed based on the CSR file. You do not need to manually enter the domain name.
    • If you select System generated CSR for CSR, manually enter the domain name or wildcard domain to be associated with the certificate.

      Single domain: If your domain is www.domain.com, enter www.domain.com for Domain Name.

      Wildcard domain: If you have multiple domain names that are all the same level, for instance, test.huaweicloud.com, yun.huaweicloud.com, example.huaweicloud.com, and good.huaweicloud.com, you can use a wildcard to enter a single domain name that would include them all, in this case: *.huaweicloud.com.

    www.domain.com

    Domain Name Verification Method

    In accordance with the CA specifications, after applying for a certificate, you need to work with the CA to verify ownership of the associated domain name. After your ownership of the domain name is verified by you and approved by the CA, the CA will issue the certificate.

    Options:

    • DNS: You need to verify the domain ownership by resolving a specific DNS record on the domain name management platform.
      • Automatic DNS verification: The system automatically adds DNS records for verification.

        If you have purchased DV (domain name) certificate, and you have registered a domain name on the Huawei Cloud platform and the domain name has been resolved by Huawei Cloud DNS, you can choose this verification method.

      • Manual DNS verification: You need to go to the DNS service provider of the domain name to perform the verification.
    • File: You need to create a specified file on the server to verify your ownership of the domain.
    • Email: You can click the link and follow the directions in the email to verify ownership of the domain.
    NOTE:
    • DV (basic) certificates (GeoTrust entry-level SSL certificates and DigiCert free SSL certificates) are verified by DNS by default.

    Manual DNS verification

  6. After confirming that the entered information is correct, read through the Cloud Certificate Manager Statement, Privacy Statement, and the authorization statement, and check the box to agree to the disclaimer and statements

    If the certificate is not being reviewed, you can cancel the authorization for privacy information. Once you revoke the authorization, the platform will no longer store your information. The contact name, phone number, email address, and organization details will be deleted. For more details, see Canceling Authorization for Privacy Information.

  7. Click Submit.

    1. After you submit the reissue application, the certificate status has changed to CA verifying (reissue).
    2. The CA will send an email to you within one to two working days to confirm the cancellation of the issued certificate. After you confirm the email, the CA will cancel the issued certificate and the certificate will enter the reissue process.

      If you have modified the domain name or information about the company contact or authorizer, the certificate is in the Pending domain name verification status after the original certificate is canceled. The certificate can be reissued only when you complete Verifying Domain Name Ownership and Verifying the Organization (OV and EV) (required only for OV, OV Pro, EV, and EV Pro certificates).

Kami menggunakan cookie untuk meningkatkan kualitas situs kami dan pengalaman Anda. Dengan melanjutkan penelusuran di situs kami berarti Anda menerima kebijakan cookie kami. Cari tahu selengkapnya

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback