Fax a manual revocation letter on your company letterhead to Symantec. To obtain a sample letter (PDF), go to AR180 Instructions for filling out the revocation letter are as follows:
- Label the subject as "Revoke/Replacement".
- The Common Name/Web site address of the certificate (for example, server.domain.com).
- Your request and the reason for the revocation (choose from the following reasons):
- Lost, corrupt, or mismatched Private key
- Challenge Phrase not available
- Challenge Phrase does not work
- Change to server software brand.
- Change to server host/key security.
- Upgrade to key encryption strength.
- Certificate type (Secure Site (Server) Certificate or Secure Site Pro (Global) Certificate).
- The server software vendor you are using (for example, Microsoft IIS 6.0, Apache, iPlanet Web Server, and so on).
- Signature of the Technical or Organizational Contact on the initial enrollment.
- Fax the letter to 1-650-961-8870. The revocation process occurs within 24 hours of receiving the fax.
Replace the certificate
Once the revocation status of the certificate indicates "Revoked", follow these steps:
- Go to: Symantec Search Certificates page.
- Enter the Common Name, order number, or serial number of the certificate you want to replace.
- Click Search.
- Click the name of the certificate you want to replace. Ensure that the status of the certificate displays "Revoked".
- Click Replace.
- Generate a new Certificate Signing Request (CSR) from your Web server with the same certificate naming values that were specified in the original CSR. The values are case and space sensitive.
NOTE: For instructions on generating a CSR, go to: AR235
- Because you do not know the Challenge Phrase, click Forget your Challenge Phrase? Click here.
- Click Click here to continue without your Challenge Phrase.
- Paste the contents of the new CSR into the text box.
- Type the appropriate information and complete the enrollment.
NOTE: Typical processing time for a replacement certificate is 24 hours. You should receive a confirmation e-mail within an hour after enrolling for the certificate.
For order status, please visit Check Order Status page.
- Click here to log into your Symantec Trust Center account.
- Enter your Username and Password and click Sign In. If you do not remember your Password, please see the information in solution SO6057
- After successfully logging into your account, the main window will display a list of recent certificate orders.
- To select the certificate from the list, choose the corresponding radio button next to the certificate you wish to replace.
- Under the Status tab, click the Revoke and replace this certificate link towards the bottom of the page.
NOTE: You may be requested for a Challenge Phrase at this point which means the order had a Challenge Phrase assigned to it during it's initial enrollment. If the challenge phrase is not known, click on the "Don't know the challenge phrase?" link. You will then be provided with the available options to continue.
- The certificate details will be displayed for verification that this is the proper certificate to be replaced.
- Select Continue to proceed.
- In the Reason for revoking this certificate list, select the appropriate reason. Click Continue.
- Generate a new Certificate Signing Request (CSR) from your Web server using the same information as the original certificate.
This includes the following fields:
For instructions on generating a CSR on your Web server, go to: AR235
- After you have created the CSR, paste the contents of the file into the text box, select the proper Server Platform, and then click Continue.
- Agree to the Subscriber Agreement and click Submit.
- To check the status of your order, log into your Symantec Trust Center account.
NOTE: Typical processing time for a replacement certificate is 24 hours. You should receive a confirmation email within an hour after enrolling for the certificate.