How do I replace an SSL Certificate without the Challenge Phrase?

Solution ID:    SO6965    Updated:    06/10/2015


NOTE: If you have a Symantec Trust Center account, see Method 2 below
To replace your certificate when you cannot remember the Challenge Phrase, follow these steps:

Fax a manual revocation letter on your company letterhead to Symantec. Click here to obtain a revocation letter (PDF).  Instructions for filling out the revocation letter are as follows:  
  1. Label the subject as "Revoke/Replacement". 
  2. The Common Name/Web site address of the certificate (for example, 
  3. Your request and the reason for the revocation (choose from the following reasons):
  • Lost, corrupt, or mismatched Private key  
  • Challenge Phrase not available  
  • Challenge Phrase does not work
  1. Change to server software brand. 
  2. Change to server host/key security. 
  3. Upgrade to key encryption strength. 
  4. Certificate type (Secure Site (Server) Certificate or Secure Site Pro (Global) Certificate). 
  5. The server software vendor you are using (for example, Microsoft IIS 6.0, Apache, iPlanet Web Server, and so on). 
  6. Signature of the Technical or Organizational Contact on the initial enrollment.  
  7. Fax the letter to 1-650-961-8870. The revocation process occurs within 24 hours of receiving the fax.

Replace the certificate

Once the revocation status of the certificate indicates "Revoked", follow these steps:  
  1. Log into Symantec Trust Center.  
  2. Enter the Common Name, order number, or serial number of the certificate you want to replace. 
  3. Click Search. 
  4. Click the name of the certificate you want to replace. Ensure that the status of the certificate displays "Revoked". 
  5. Click Replace.
  6. Generate a new Certificate Signing Request (CSR) from your Web server with the same certificate naming values that were specified in the original CSR. The values are case and space sensitive. 
    NOTE: Click here for instructions on generating a CSR
If you have created a Symantec Trust Center account, follow the steps below:  
  1. Click here to log into your Symantec Trust Center account.
  2. Enter your Username and Password and click Sign In. Click here if you do not remember your Password
  3. After successfully logging into your account, the main window will display a list of recent certificate orders.
  4. To select the certificate from the list, choose the corresponding radio button next to the certificate you wish to replace. 
  5. Under the Status tab, click the Revoke and replace this certificate link towards the bottom of the page.
    NOTE: You may be requested for a Challenge Phrase at this point which means the order had a Challenge Phrase assigned to it during it's initial enrollment. If the challenge phrase is not known, click on the "Don't know the challenge phrase?" link. You will then be provided with the available options to continue.
  6. The certificate details will be displayed for verification that this is the proper certificate to be replaced. 
  7. Select Continue to proceed. 
  8. In the Reason for revoking this certificate list, select the appropriate reason. Click Continue. 
  9. Generate a new Certificate Signing Request (CSR) from your Web server using the same information as the original certificate.

    This includes the following fields: 

    Organizational Unit 
    Common Name 

    Click here for instructions on generating a CSR on your Web server 
  10. After you have created the CSR, paste the contents of the file into the text box, select the proper Server Platform, and then click Continue. 
  11. Agree to the Subscriber Agreement and click Submit. 
  12. To check the status of your order, log into your Symantec Trust Center account. 
    NOTE: Typical processing time for a replacement certificate is 24 hours. You should receive a confirmation email within an hour after enrolling for the certificate.


Legacy ID



Terms of use for this information are found in Legal Notices

Contact Support

Knowledge Center


This article is available in the following languages: