There are some circumstances in which your digital certificate may become unusable. In some cases, access to your certificate can be restored but in other cases it will be necessary to replace the certificate. When a certificate is replaced, the old certificate is revoked.
In this document, IdenTrust will provide answers to frequently asked questions about replacing a digital certificate.
Determine if a Certificate Replacement is Needed Using Microsoft® Edge
Using Microsoft® Edge you can determine whether your certificate needs to be replaced by trying to export the certificate. (If you need more detailed instructions for exporting the certificate, please see the IdenTrust document “How to Export a Certificate When Using Microsoft® Edge”) Try to export the certificate following these instructions:
- Close all open Microsoft® Edge windows and open a new one.
- Click on the "Settings and more icon" in the upper right corner
- Click the "Settings" icon
- Select "Privacy, search and services"
- Scroll down to "Security"
- Click "Manage certificates"
- Your certificate should be listed under the “Personal” tab. If it is not there, either the certificate was retrieved on a different computer, browser, or device (USB token or Smart card) or it has been deleted. If you cannot find your certificate in one of those places, you will have to replace the certificate.
If the “Yes, export the private key” option is grayed out, the private key may reside in a secure device such as a USB token or Smart card which do not allow private key export; or the private key has been deleted from the computer and you will need to replace the certificate.
certificates in the certification path” if possible box. Click “Next”.
If your password is accepted, a window will pop up saying that “your export was successful”. Click “OK”. You do not need to replace your certificate.
Replacing Your Digital Certificate
Once you have determined that your certificate needs to be replaced (using the instructions above), replacement is a 3-step process:
- Remove the corrupted certificate from your computer;
- Replace the certificate; and
- Verify replacement.
Step 1: Remove the Corrupted Certificate From Your Computer
- Close all open Microsoft® Edge browser windows.
- Open a new Microsoft® Edge browser window.
- Click on Settings and more icon in the upper right corner.
- Click the Settings icon
- Select "Privacy, search and services"
- Click "Manage Certificates" under the "Security" Heading
- Find the certificate with your name and certificate type on it under the “Personal” tab and select it by clicking on it once.
- Click the “Remove” button.
- When you get the message “You cannot decrypt data encrypted using this certificate. Do you want to delete the certificate?”. Click “Yes”.
- Click the “Close” button at the bottom of the screen.
- Close Microsoft® Edge completely.
Step 2: Replace Your Certificate
- Log into the “Certificate Management Center”
- Enter your Account Number and Password
- Click the “Login” button on the left side of your screen.
- When you are asked for a certificate to log in with, click “Cancel”. Enter your account number and your IdenTrust account password.
- In the drop-down box under the listing for your “Valid Certificates”, select “I would like to replace my certificate” and click “Continue”.
- Follow the on-screen instructions to retrieve the new certificate.
- You will be given a new activation code to use during this retrieval process. Be sure to write down this activation code.
- At the end of the retrieval, you will need to verify the installation. This will fail the first time (because you had to click “Cancel” in Step 2a) but you will receive instructions to retry and successfully verify the retrieval.
Step 3: Verify Certificate Replacement
- You can verify the certificate was installed by testing it. Go to: https://www.identrust.com/test/ using the computer and browser in which you have your certificate.
- Then follow the prompts to complete the test by clicking “Next”.
- If you do not receive a “Congratulations” message at the end; call the IdenTrust support line. You should have access to your computer when you call so that our representative can guide you through alternative certificate replacement steps. Let the representative know that you have followed all of the steps in this “How To” document and whether you experienced any difficulty with any of the steps