Your certificate must be renewed periodically (every year for ECA and TrustID certificates,
and every two years for ACES certificates). Notification will be sent to your email
address 90 days before your certificate expires.
Select from these frequently asked questions about renewing your certificate:
Expiration dates & renewal:
- When does my certificate expire?
- Which certificates can be renewed after the expiration date?
- Which certificates must be renewed before the expiration date?
Personal information on your certificate:
- How do I renew my certificate?
- How do I renew my server certificate?
- How long will it take to renew my certificate?
- I can’t login to the Certificate Management System.
- I’m trying to renew and I get a message that says I need to login to the Certificate
Management System with my certificate. What does this mean?
Passphrase and passwords:
- Can I update the personal information on my certificate?
- I just renewed my certificate and I got an email asking me to send notarized forms.
Do I need to send them in again?
If you have forgotten your passphrase or password or have other questions about them, please see the
passphrase and password FAQ section.
- Can I change my IdenTrust passphrase during renewal?
1. When does my certificate expire?
TrustID certificates expire one year from the date of issuance (retrieval); ACES certificates expire two years from the date of issuance. ECA certificates expire one, two or three years from
the date of issuance. You can check your expiration date(s) by going to the
Certificate Management Center and looking under the
Manage Your Certificates heading. Your certificate(s) will be listed there, along with
their status and expiration (“valid through”) date(s). You will also receive email notifications
90, 60, 30, 15, 7 and 1 day(s) before your certificate expires.
2. Which certificates can be renewed after the expiration date?
Trust ID certificates may be renewed up to 30 days after their expiration dates.
3. Which certificates must be renewed before the expiration date?
ACES (federal government) and ECA (DOD) certificates cannot be renewed after they expire. If your certificate
has expired, you will need to apply for a new certificate.
4. How do I renew my certificate?
If you have an SSL/TLS certificate, please see question 5 (How do I renew my server
For all other certificates, if your certificate has not expired and it is within 90 days of expiration,
simply login to your account in the Certificate
Management Center with your current digital certificate.
In the box at the top of the page, click on the Renew button where it says “Please
renew now,” then follow the on-screen directions. You may also look under Manage My Certificates and select
I would like to renew my certificate from the pull-down menu.
If your certificate has expired, you must login to the
Certificate Management Center using your account number and
IdenTrust passphrase. To do this, click Cancel when you are asked to authenticate with your
certificate. When prompted, enter the account number that was sent to you in a letter when your account was
originally approved, and your IdenTrust passphrase, the password you chose online when you applied for the
Under the heading “Valid Certificates,” there should be only one option; choose All
my certificates are expired, and I want to request a renewal, then click Continue and
follow the on-screen directions.
5. How do I renew my server certificate?
A server certificate is renewed like any other certificate, with the following changes:
Once you have created a CSR and are logged on to the CMC, select I would like to renew my
certificate from the pull-down menu. Verify your information, and make any necessary changes.
- Before starting the renewal process, you will need to create a Certificate Signing Request (CSR).
- You will login to the Certificate Management Center
(CMC) using your account number and passphrase instead of with a certificate.
You will then be asked to provide a CSR; copy and paste it into the field provided:
Follow the remaining on-screen directions to complete the renewal process.
6. How long does it take to renew my certificate?
The renewal process usually takes 3-5 business days. Once we receive your renewal request, our Registration
team reviews and approves the account. Once approved, a letter with instructions on how to retrieve the renewed
certificate will be sent to you by US mail.
Back to top
7. I can’t login to the Certificate Management Center.
If you are having trouble logging in to the CMC, please make sure your browser is not blocking pop-ups for this site.
If can’t login because you have forgotten your passphrase, you will need to
reset your passphrase. You should then be able to access the
Certificate Management Center and complete your certificate
8. I’m trying to renew and I get a message that says I need to login to the
Certificate Management Center with my certificate. What does this mean?
In order to renew your certificate before it expires, you must be on the computer that currently holds your
certificate. When you login to the Certificate Management Center, a box will appear with your name in it.
You must highlight your name and click OK. If your name is not in the box, it means that your
certificate is not on the computer you are using.
If your certificate is on another computer, please renew it from that computer.
If your certificate is no longer on any computer, you will need to replace
your certificate first and then renew it.
9. Can I update any personal information that has changed?
If any of the person information that goes into your certificate has changed (or will change soon),
you should update that information while renewing. In most cases, the personal information in your
certificate is your name and email address.
The only time you can change this information embedded in a certificate is during renewal.
If this information changes at any other time, you must apply for a new certificate that reflects the changes.
10. I just renewed my certificate and I received an email saying that I need to send
in notarized forms. Do I need to send them in again?
For ACES and Trust ID certificates, if your name, your company name, the company headquarters address, or your
email address has changed, you will need to resubmit the notarized forms. Otherwise, the original forms you
submitted are good for 6 years.
11. Can I change my IdenTrust passphrase during renewal?
You will be asked whether you want to change your IdenTrust passphrase during the renewal process.
Remember that this is not the same as the password you use when using your certificate (although you may
have chosen the same code for both passphrase and password).
Unless you are confident that you will remember a new passphrase, you should not change it.
Changing this passphrase will not change the password for using your certificate.
For more information on passphrases and passwords see the FAQ about
passphrases and passwords.
Back to top
FEDERAL AGENCY PROGRAMS
STATE AGENCY PROGRAMS