There are a variety of reasons why you may need to re-issue your Code Signing Certificate, including errors during the initial collection process. You can re-issue your Code Signing certificate at any time during its lifecycle using either the Manual CSR method or the Internet Explorer Browser-based Generation method. If you have already signed and timestamped code before re-issuing, the good news is that the previous signature will still be valid after re-issuing the certificate. You will only need to apply a new signature if you make changes to the previously signed code.
PLEASE NOTE: EV Code Signing certificates cannot be re-issued as they are not digital certificates and require a physical USB token. The USB token cannot be replaced and will require a new order if damaged or lost. Please contact our live support team for assistance troubleshooting your EV Code Signing certificate.
Starting the Re-issue Process
There are two methods you can use to re-issue your Code Signing certificate. If you intend to manually submit your Certificate Signing Request (CSR) you will need to begin by generating the CSR on your system. You may use the previous CSR if you have the matching private key file--if you're not sure about the key, we recommend creating a new CSR.
If you are able to use Internet Explorer to create the certificate using the Browser-based method, you'll just need to login to your ComodoSSLStore account on the Internet Explorer browser to complete the re-issue process.
To start the re-issue process, head over to your CertPanel dashboard. If you have not yet linked your ComodoSSLStore account to CertPanel, check out our article Link Your Account To CertPanel.
1. Access CertPanel
To login on ComodoSSLStore.com, click the Login button in the top-right corner of the web page.
Next, click the tab to Log in to CertPanel and enter your account credentials.
2. Locate Order
3. View Order Details
4. Re-Issue Certificate
5. Allow the Digital Certificate Operation (Internet Explorer only)
If you are re-issuing your Code Signing Certificate using the Internet Explorer Browser-based generation method, you should see a Web Access Confirmation pop-up requesting that you allow the digital certificate operation on CertPanel. Click YES to continue. This pop-up only occurs on Internet Explorer, so if you are using the Manual CSR method, move on to the next step.
6. Individual or Company?
You may see a pop-up asking if you are requesting the certificate for yourself as an Individual or for a Company. If your certificate was previously issued under your name, select Individual. If the certificate was issued under a company or organization name, select Organization. If you're not sure, you can just click the X to exit the pop-up.
7. Review Certificate Details
The order form should automatically populate with the details that were previously submitted for the certificate. Please note that if you change any of these details, you will need to undergo validation for the new information. If no details have changed, please double-check the order form before proceeding.
8. Select Generation Method
Step 3 on the re-issue order form is to select your generation method for the certificate.
Manually Enter My CSR
If you are submitting a CSR, select "Manually Enter My CSR" and paste your CSR code into the field.
Use My Browser to generate the CSR
If you are using the Internet Explorer Browser-based generation method, select "Use My Browser to generate the CSR". A new menu for Advanced Private Key Options will appear. In most cases you will not need to change any of the default selections for the Advanced Private Key Options. We recommend leaving the default options as they are unless you know you need different settings for your environment.
CSP: Microsoft Enhanced Cryptographic Provider v1.0
Key Size: 2048
User protected?: No
8. Submit Re-issue Request
Review and Accept the terms of the Subscriber Agreement and click Submit to complete the first step of the re-issue process.
After you submit the re-issue request, the certificate will be validated and approved again. You may need to work with Comodo's validation team to finalize the order again. Be sure to check your email for any correspondence from the validation team.
Once your certificate is approved and issued, you'll receive a new collection email from Comodo. If you used the Internet Explorer Browser-based generation method, make sure to open the collection link in Internet Explorer on the same PC where you started the re-issue process. If you used the Manual CSR method, we recommend using Chrome or Edge to download the certificate file.
The Manual CSR method also requires a few additional steps to creating your code signing certificate PFX file after you download the main certificate from the collection link. Please check out our article Converting Code Signing to PFX for instructions on combining your certificate and key files to complete the certificate.