Here’s When You Need to Reissue/Replace Your Symantec SSL/TLS Certificate


An Easy Guide for Symantec, GeoTrust, RapidSSL, and Thawte Customers to Reissue/Replace Their SSL/TLS Certificates

If you are the owner of a Symantec, GeoTrust, RapidSSL, or Thawte SSL/TLS certificate, you’ve undoubtedly heard about DigiCert’s acquisition of Symantec. You may also have heard that Google Chrome will distrust the SSL/TLS certificates issued by Symantec and its subsidiary CAs (GeoTrust, RapidSSL, and Thawte).

To avoid this distrust and its security warnings, Symantec customers need to reissue their certificates from new infrastructure as directed by Google. As Symantec sold its CA business to DigiCert, all these certificates will be reissued/replaced from DigiCert’s PKI infrastructure.

So, when do you need to reissue/replace your certificate? Do you even need to reissue/replace your SSL/TLS certificate? Let’s find out.

Here are the relevant dates and things to keep in mind before taking any action:

  • December 1, 2017: As of this date, Google has required that TLS certificates no longer be issued by Symantec roots, but must be issued by another CA. As of December 1, DigiCert will be issuing all certificates for Website Security customers. This date does not mandate any immediate certificate changes, but officially transfers validation and issuance of Symantec certificates to DigiCert systems. From this date forward, Symantec customers can begin to request free replacement certificates. These replacement certificates will be valid from issuance through the end of the certificate validity period.
  • ~March 15, 2018: Chrome beta will distrust certificates issued by Symantec before June 1, 2016. The public release of Chrome is expected on April 17, 2018.
  • ~September 13, 2018: Chrome beta will distrust all certificates issued by Symantec. The public release of Chrome is expected in mid-October of 2018.

Confused? Here’s a simplified version for you:

  • If your certificate was issued before June 1, 2016, you’ll need to reissue/replace your certificate before March 15, 2018.
  • If your certificate was issued after June 1, 2016, and before December 1, 2017, you’ll need to reissue/replace your certificate before September 13, 2018.
  • And if your issuance date is after December 1, 2017, you don’t need to reissue your certificate.

As simple as that.
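The rules above as a triage check over a certificate inventory (an added example, not code from the original article). It assumes the start date comes from `openssl x509 -noout -startdate`, that a brand name in the issuer string identifies an affected certificate, and that certificates issued exactly on June 1, 2016 or December 1, 2017 fall into the later bucket; the inventory is constructed sample data.

```python
from datetime import datetime, date

# Cut-off and deadline dates taken from the article's simplified rules.
OLD_ISSUANCE_CUTOFF = date(2016, 6, 1)   # issued before this: earlier deadline
DIGICERT_START = date(2017, 12, 1)       # issued from this date: no reissue
DEADLINE_EARLY = date(2018, 3, 15)
DEADLINE_LATE = date(2018, 9, 13)

# Brands named in the article; substring matching on the issuer is an assumption.
AFFECTED_BRANDS = ("symantec", "geotrust", "rapidssl", "thawte")


def parse_startdate(line):
    """Parse a line such as 'notBefore=Jun  1 00:00:00 2016 GMT' into a date."""
    # openssl pads single-digit days with a space, so collapse whitespace first.
    value = " ".join(line.split("=", 1)[1].split())
    return datetime.strptime(value, "%b %d %H:%M:%S %Y GMT").date()


def reissue_deadline(issuer, not_before):
    """Return (action, deadline) for one certificate."""
    if not any(brand in issuer.lower() for brand in AFFECTED_BRANDS):
        return ("not-affected", None)
    if not_before >= DIGICERT_START:
        return ("no-reissue-needed", None)
    if not_before < OLD_ISSUANCE_CUTOFF:
        return ("reissue", DEADLINE_EARLY)
    return ("reissue", DEADLINE_LATE)


def triage(inventory):
    """Classify every (host, issuer, startdate line) entry, most urgent first."""
    rows = []
    for host, issuer, startdate in inventory:
        action, deadline = reissue_deadline(issuer, parse_startdate(startdate))
        rows.append((host, action, deadline))
    # Entries without a deadline sort after those with one.
    return sorted(rows, key=lambda r: (r[2] is None, r[2] or date.max))


# Constructed sample inventory (hosts and issuer strings are made up).
SAMPLE = [
    ("new.example", "O=GeoTrust, CN=constructed CA", "notBefore=Dec 14 00:00:00 2017 GMT"),
    ("mid.example", "O=Symantec Corporation, CN=constructed CA", "notBefore=Feb  3 00:00:00 2017 GMT"),
    ("old.example", "O=thawte, Inc., CN=constructed CA", "notBefore=Mar  9 00:00:00 2016 GMT"),
    ("other.example", "O=Some Other CA, CN=constructed CA", "notBefore=Jan  5 00:00:00 2016 GMT"),
]

if __name__ == "__main__":
    for host, action, deadline in triage(SAMPLE):
        print(f"{host:15} {action:18} {deadline or '-'}")
```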

If you’re a visual learner, here’s a visual representation.

[Figure: Replacement Dates]

How to reissue Symantec SSL Certificates?

Yes, you’ve still got time on your hands. But why leave it late?

The reissuance process started on December 1, 2017, and it’s in everyone’s best interest to complete it as early as possible. And don’t worry: the reissuance process doesn’t involve any fees or charges. It’s completely free!

Here’s what you need to do if you’re an existing customer of ours.

  • Log in to the Control Panel
  • Select My Order
  • Locate the order for the certificate you would like to re-issue, and click the order number to view the details
  • Select Re-issue Certificate
  • Choose your DV Validation method – email or file based
  • Enter CSR
  • Select Server Type
  • Select Signature algorithm (SHA-2)
  • Submit Re-issue request
  • Re-validation

If you are requesting a DV SSL Certificate re-issuance, you’ll have the SSL Certificate within minutes. But if you are requesting an OV or EV SSL Certificate, you will receive the reissued SSL Certificate after the final verification (as per the type of your SSL). The Certificate Authority (DigiCert) will re-validate all necessary details for your SSL order. Don’t worry, as DigiCert is THE fastest when it comes to its validation processes. As soon as the certificate has been validated, you will receive an email with your new certificate. You’ll then need to re-install the SSL Certificate on your server.

Important FAQs on the Validation Process

Can customers switch domain validation methods during reissuance?

It depends. If the original method was File/DNS Authentication, you could contact support to switch to email-based authentication. The email method will allow you to use the WHOIS email or one of 5 pre-approved alias addresses (admin@, administrator@, webmaster@, hostmaster@, and postmaster@).

Do OV SSL customers need to re-validate their business details during reissuance?

Yes. After December 1, 2017, all business details related to the certificate will be validated again by DigiCert.

Do EV SSL customers need to re-validate their business details during reissuance?

Yes. After December 1, 2017, all business details related to the certificate will be validated again by DigiCert.

For more Symantec Re-Issue and Digicert Acquisition FAQ

We’re here to help!

If you have questions/concerns or want immediate assistance with your Symantec-issued certificates, please contact our 24/7 live chat Support team or drop us a mail at