Every digital certificate issued by SSL.com has an expiration date and must be renewed before it becomes invalid. There is no way to modify an existing certificate that has been signed by a CA and installed on a website, workstation, or USB token, so “renewal” of an expired certificate really means the validation, generation, and installation of a brand new certificate.
When renewing extended validated (EV), organization validated (OV), and individual validated (IV) certificates, customers often must repeat validation steps such as callbacks and document submissions. This re-validation is necessary because these certificates are used for identity verification. We tend to think of “identity” as static and unchanging on a day-to-day basis, but information about both individuals and organizations changes over time: phone numbers, addresses, and even names may change; staff members come and go; businesses may split and merge. Therefore, all publicly trusted CAs (including SSL.com) must periodically re-validate this information before issuing a new certificate.
In the case of certificates using a stored validation, no domain validated placeholder certificate will be issued as with new OV SSL certificate orders that do not have a stored organization identity. Only the OV certificate will be issued when a stored organization identity is used.
How do I know when I need to renew?
For the convenience of our customers, SSL.com provides a renew link associated with each expiring or expired certificate order to ease this process. These links are a convenience to help you re-purchase the same certificate type without going through the shopping process again.
In some cases SSL.com can reuse previously submitted validation information when replacing an expired certificate. For example one year into a three-year EV SSL you would not be required to re-validate, but you would after two years. SSL.com will inform you if re-validation is required when replacing a certificate in a multi-year order.
Certificate Renewal Requirements
Extended Validation (EV)
When renewing an EV Code Signing, EV SSL, or EV UCC/SAN certificate:
- A new EV Authorization Form must be submitted. SSL.com will call the authorization form signer to confirm their signature and the new certificate request.
- Before renewing, double-check your organization’s information in Duns & Bradstreet or any other information source that SSL.com will use to validate your renewal request to make sure that it is complete and up-to-date.
Organization Validation (OV)
Certificate types that may include organization validation (OV) information include:
- High Assurance SSL
- Wildcard SSL
- Multi-Domain UCC/SAN SSL
- Business Identity
- Code Signing
- NAESB Client Certificates
If you are renewing one of these certificate types and your certificate includes validated information about your business or organization:
- A new callback will be required to renew an OV certificate. Please refer to our how-to on Callbacks for OV Certificates for instructions.
- Before renewing, double-check your organization’s information in Duns & Bradstreet or any other information source that SSL.com will use to validate your renewal request to make sure that it is complete and up-to-date.
- Business Identity document signing certificates require a video chat with SSL.com validation staff for renewal.
Individual Validation (IV)
Certificate types that may include individual validation (IV) information include:
If you are renewing one of these certificate types and your certificate includes validated information about your personal identity:
- Please submit the following identifying information:
- A scan of the front of a valid, government-issued photo ID card or passport ID page. The ID number may be obscured, but we must be able to see your name, address, year of birth, and photograph.
- A scan of the back of the government-issued ID card or passport ID page.
- A photograph of of yourself holding the government-issued ID next to your face so that your face may be compared with the image on the ID. The photograph should be at least 5 megapixels (MP) – most current smartphones can provide an image of 5MP or greater.
- Business Identity document signing certificates require a video chat with SSL.com validation staff for renewal.
- Note that Personal Basic email and client certificates do not require validation for renewal because the activation link sent to the subject email address proves access to the email address.