Reissue certificate
POST https://www.digicert.com/services/v2/order/certificate/{{order_id}}/reissue
Use this endpoint to reissue a certificate. A certificate reissue replaces the existing certificate with a new one that has different information, such as a different common name, CSR, or signature hash.
Notice
When you reissue a certificate for a Multi-year Plan, you can set a new expiration date for the reissued certificate. For more information, see Multi-year plans.
Reissue Code Signing and EV Code Signing certificates
When reissuing a Code Signing or EV Code Signing certificate, you can choose a provisioning method for the reissued certificate by including the cs_provisioning_method
parameter in your request payload.
If you submit a reissue request without providing a cs_provisioning_method
value:
By default, DigiCert reissues the certificate using the current provisioning method for the order. To get the current provisioning method for an order, check the value of the
cs_provisioning_method
parameter on the Order info API response.If the provisioning method stored on the order is not currently enabled in your account preferences, DigiCert reissues the certificate using the default provisioning method from your account preferences. Then, the provisioning method stored on the order is updated to match the provisioning method used to reissue the certificate.
Example requests and responses
Request parameters
Name | Req/Opt | Type | Description |
---|---|---|---|
certificate | required | object | Details about the certificate. |
.. csr | conditional | string | Certificate signing request (CSR) or public key. Format the CSR/public key as a base64-encoded string without line breaks or escape characters. Include the PEM headers and footers (such as Usage depends on certificate type:
|
.. common_name | conditional* | string | Domain to be secured. *Note: The |
.. dns_names | optional | array | For TLS/SSL and VMC certificates, list of additional domains to be secured. |
.. emails | conditional | array | For Secure Email and client certificates, list of one or more email addresses to secure. Required for Secure Email and client certificates; ignored for other products. For both Secure Email and client certificates, if the common name on the certificate will be an email address, DigiCert automatically uses the first email address from the Note: Orders for |
.. user_principle_name | optional | array | List of user principle names (UPN) to include in the UPN SAN attribute on the issued certificate. Note: This parameter is only supported on Max length: 1 Max characters per item: 255 |
.. common_name_indicator | conditional | string | Choose the source of the common name value for the certificate. Required for Allowed values: Allowed values depend on product type. See Order Secure Email certificate – Common name value. |
.. individual | conditional | object | First and last name or pseudonym of the individual on the certificate. The |
.. .. first_name | conditional | string | Individual first name. Required on |
.. .. last_name | conditional | string | Individual last name. Required on |
.. .. pseudonym | conditional | string | Individual pseudonym. Required on |
.. usage_designation | conditional | object | Object that determines the primary use and additional uses for the certificate. Learn more: Order Secure Email certificate – Certificate uses. Required for Secure Email certificates. Ignored for other products. |
.. .. primary_usage | conditional | string | Primary use for the certificate. Allowed values: See Order Secure Email certificate – Primary uses. |
.. .. additional_usages | optional | array of strings | List of additional certificate uses. Allowed values: See Order Secure Email certificate – Certificate uses. |
.. is_rsassa_pss | optional | bool | For certificate requests with an RSA CSR or public key, this parameter changes the type of RSA signature DigiCert uses for the end-entity certificate. If Important: This parameter is only honored when the issuing ICA certificate has an RSA key. If the issuing ICA certificate has an ECC key, DigiCert issues the end-entity certificate with an ECC signature that has same key size as the issuing ICA certificate. |
.. server_platform | conditional | object | Server platform type. |
.. .. id | required | int | Server platform ID. Usage depends on certificate type. TLS/SSL certificate reissues: Providing a new Code Signing and EV Code Signing certificate reissues: For allowed values, see Glossary – Code Signing and EV Code Signing hardware platforms. Usage requirements depend on provisioning method (
|
.. cert_validity | optional | object | Defines the validity period of the reissued certificate. If not provided, the validity period for the reissued certificate defaults to the time remaining in the Multi-year Plan or the maximum certificate validity period defined by CA/B Forum baseline requirements, whichever is shorter. This object is ignored for reissues that are not associated with a Multi-year Plan. |
.. .. years | optional | int | Number of years the certificate is valid after it is issued. Can be replaced with Allowed value: |
.. .. days | optional | int | Number of days the certificate is valid after it is issued. Overrides Max: |
.. .. custom_expiration_date | optional | string | A custom expiration date for the certificate. Overrides Format: Range: Must be within 397 days of the date you request the certificate. |
.. signature_hash | required | string | Hash algorithm used to signing the certificate. |
.. profile_option | optional | string | Certificate profile option for the reissued certificate. Allowed values: See Glossary – Certificate profile options |
.. ca_cert_id | optional | string | ID of the intermediate certificate authority (ICA) certificate to select as the issuing certificate. To get the Account administrators can customize the default and allowed ICAs for each product at the container or user role level. If you do not provide a value for this parameter, we issue the certificate using the default ICA. If you provide the *This parameter is ignored if the option for ICA selection is not enabled for your account. For more information, see ICA certificate chain selection. |
dcv_method | optional | string | For TLS/SSL certificate reissues, DCV method to use when verifying domain control. See Glossary – DCV methods. |
comments | optional | string | Comments about the reissue for the administrator reviewing the reissue request. The |
skip_approval | optional | bool | Specify if the order should skip the approval step and be immediately submitted for validation and issued when complete. Default: |
certificate_dcv_scope | optional | string | |
use_auth_key | optional | bool | Use this parameter to complete DCV checks for new domains on a DV TLS/SSL reissue using an AuthKey request token. |
cs_provisioning_method | optional | string | |
ship_info | optional | object | For Code Signing or EV Code Signing reissues with a Optional for both Code Signing and EV Code Signing certificates. For orders that omit the |
.. name | required | string | Name of the recipient. |
.. addr1 | required | string | Shipping address for the token. |
.. addr2 | optional | string | Secondary address field. |
.. city | required | string | Shipping city. |
.. state | required | string | Shipping state |
.. zip | required | string | Shipping postal code. |
.. country | required | string | Shipping country. |
.. method | required | string | Shipping priority for the token. Allowed values: |
subject | optional | object | Object with optional data to include in subject distinguished name (DN) attributes on the issued certificate. This object is only used in reissue requests for Secure Email certificates. It is ignored in reissue requests for other product types. Learn more: Order Secure Email (S/MIME) certificate. |
.. serial_number | optional | string | Value to use in the subject DN serial number attribute. Supported on Character limit: 100 |
.. pseudonym | optional | string | Value to use in the subject DN pseudonym attribute. Supported on Note: If you are already submitting the Character limit: 128 |
.. job_title | optional | string | Value to use in the subject DN title attribute. Supported on Character limit: 128 |
.. include_pseudonym | optional | boolean | If Note: If there is no |
.. include_email | optional | boolean | If |
.. include_given_name_surname | optional | boolean | If |
Response parameters
Name | Type | Description |
---|---|---|
id | int | Order ID. |
certificate_id | int | Certificate ID. Only returned if |
dcv_random_value | string | Random value used for domain control validation (DCV). Use this token to complete the DCV check for any domain submitted for validation with the order. Only returned when the DCV method is |
requests | array | List of requests. |
.. id | int | Request ID. |