Skip to main content

There are some circumstances in which your digital certificate may become unusable. In some cases, access to your certificate can be restored but in other cases it will be necessary to replace the certificate. When a certificate is replaced, the old certificate is revoked.

In this document, IdenTrust will provide answers to frequently asked questions about replacing a digital certificate.

Determine if a Certificate Replacement is Needed Using Microsoft® Edge

Using Microsoft® Edge you can determine whether your certificate needs to be replaced by trying to export the certificate. (If you need more detailed instructions for exporting the certificate, please see the IdenTrust document “How to Export a Certificate When Using Microsoft® Edge”) Try to export the certificate following these instructions:

  • Close all open Microsoft® Edge windows and open a new one.
  • Click on the "Settings and more icon" More Icon Example in the upper right corner
  • Click the "Settings" icon Settings Icon 
  • Select "Privacy, search and services"
  • Scroll down to "Security"
  • Click "Manage certificates"
  • Your certificate should be listed under the “Personal” tab. If it is not there, either the certificate was retrieved on a different computer, browser, or device (USB token or Smart card) or it has been deleted. If you cannot find your certificate in one of those places, you will have to replace the certificate.

 

Image
Certificate Import Verification

 

2. If your certificate is there, select it by clicking once. Then click “Export”. The “Certificate Export Wizard” will pop up. Click “Next”.

If the “Yes, export the private key” option is grayed out, the private key may reside in a secure device such as a USB token or Smart card which do not allow private key export; or the private key has been deleted from the computer and you will need to replace the certificate.

 

Image
Certificate Export Wizard select Yes

 

3. If the “Yes, export the private key” option is available, make sure it is checked. Then click “Next”. If available, make sure the “Enable strong protection” box is checked. Put a check in the “Include all
certificates in the certification path” if possible box. Click “Next”.

 

Image
Select Include all Certs within certificate export Wizard

 

4. Type in a password that will be used for exporting and importing this certificate. Re-type it in the second box to confirm it. Click “Next”.

 

Image
Certificate Wizard: Set password for certificate

 

5. Click the “Browse” button. Choose the drive and folder where you would like to store the exported file. Type in a file name. Click “Save”.

 

Image
Type in name of file and click save

 

6. Click “Next”.

 

Image
Certificate Wizard Export Step Press next

 

7. Click “Finish”.

 

Image
Verify Results and the click finish: Certificate Export Wizard page

 

8. A window will pop up asking you to confirm that you are accessing a protected item. Click “OK"

 

Image
Press OK to allow application to Export Private Key

 

9. If your password is still not accepted, you will need to replace your certificate.
If your password is accepted, a window will pop up saying that “your export was successful”. Click “OK”. You do not need to replace your certificate.

 

Image
Export Successful Window

 

Replacing Your Digital Certificate

Once you have determined that your certificate needs to be replaced (using the instructions above), replacement is a 3-step process:

  • Remove the corrupted certificate from your computer;
  • Replace the certificate; and
  • Verify replacement.

Step 1: Remove the Corrupted Certificate From Your Computer

  1. Close all open Microsoft® Edge browser windows.
  2. Open a new Microsoft® Edge browser window.
  3. Click on Settings and more icon More Icon Example in the upper right corner.
  4. Click the Settings icon Microsoft Edge Settings Icon  
  5. Select "Privacy, search and services" 
  6. Click "Manage Certificates" under the "Security" Heading
  7. Find the certificate with your name and certificate type on it under the “Personal” tab and select it by clicking on it once.
  8. Click the “Remove” button.
  9. When you get the message “You cannot decrypt data encrypted using this certificate. Do you want to delete the certificate?”. Click “Yes”. 
  10. Click the “Close” button at the bottom of the screen.
  11. Close Microsoft® Edge completely.

Step 2: Replace Your Certificate

  1. Log into the “Certificate Management Center
  2. Enter your Account Number and Password
  3. Click the “Login” button on the left side of your screen.
  4. When you are asked for a certificate to log in with, click “Cancel”. Enter your account number and your IdenTrust account password.
  5. In the drop-down box under the listing for your “Valid Certificates”, select “I would like to replace my certificate” and click “Continue”.
  6. Follow the on-screen instructions to retrieve the new certificate.
  7. You will be given a new activation code to use during this retrieval process. Be sure to write down this activation code.
  8. At the end of the retrieval, you will need to verify the installation. This will fail the first time (because you had to click “Cancel” in Step 2a) but you will receive instructions to retry and successfully verify the retrieval.

Step 3: Verify Certificate Replacement

  1. You can verify the certificate was installed by testing it. Go to: https://www.identrust.com/test/ using the computer and browser in which you have your certificate.
  2. Then follow the prompts to complete the test by clicking “Next”.
  3. If you do not receive a “Congratulations” message at the end; call the IdenTrust support line. You should have access to your computer when you call so that our representative can guide you through alternative certificate replacement steps. Let the representative know that you have followed all of the steps in this “How To” document and whether you experienced any difficulty with any of the steps