Issue: Renewing a certificate with Digicert (the first time) fails to pick up the remaining time of the current certificate.

Applies to:

All versions of Venafi

Symptoms:

You've imported a number of certificates to the Trust Protection Platform from Digicert. At renewal, to ensure no downtime, you renew before the certificate has actually expired.

Expected Behavior:

The new certificate issued from Digicert should append the remaining time from the original certificate to the new term.

Actual Behavior:

The new certificate has only a single term length - the remaining time is lost.

Cause:

The cause, essentially, is that Digicert doesn't recognize this as a renewal; they see it as a request for a new certificate. Why? Because Venafi doesn't have the original Digicert ORDER_ID for the cert, so Digicert doesn't recognize the certificate when Venafi sends it for renewal. Instead, they simply send out a new one.

Resolution:

There are two possible scenarios:

1) Renew with Venafi and lose the remaining term - the first time only. After that, the now "new" certificate comes from Digicert with the Order_ID, and Venafi knows about it and tracks it for the next renewals moving forward.

2) Check Digicert for the Order_ID and add it to the certificate in Venafi via a support tab edit. If you have several certificates, Digicert may even send you a list of certificates and Order_IDs, but we cannot confirm that at this time. You can, however, always go to Digicert, check the certificate, and get the Order_ID from them.

**Additional Note:** The Venafi support tab entry for the Digicert Order_ID is: Digicert CA:Request ID


Comments

  • Stephanie Enciso

    For Option 2, would creating a custom field in Venafi with the Order_ID suffice? Can you go more in depth when you say "Check Digicert for the Order_ID and add it to the Certificate in Venafi"?

    Thank You, 

    SE