Issue: Renewing a certificate with DigiCert (the first time) fails to pick up the remaining time of the current certificate.

Applies to:

All versions of Venafi

Symptoms:

You've imported a number of certificates into the Trust Protection Platform from DigiCert. At renewal, to ensure no downtime, you renew before the cert has actually expired.

Expected Behavior:

The new certificate issued from DigiCert should append the remaining time from the original certificate to the new term.

Actual Behavior:

The new certificate has only a single term length - the remaining time is lost.

Cause:

The cause, essentially, is that DigiCert doesn't recognize this as a renewal; it sees it as a request for a new certificate. Why? Because Venafi doesn't have the original DigiCert ORDER_ID for the cert, so DigiCert doesn't recognize the cert when Venafi sends it for renewal. Instead, DigiCert simply sends out a new one.

Resolution:

There are two possible scenarios:

1) Renew with Venafi and lose the remaining term - the first time only. After that, the now "new" certificate comes from DigiCert with the Order_ID, and Venafi knows about it and tracks it for the next renewals moving forward.

2) Check DigiCert for the Order_ID and add it to the certificate in Venafi. If you have several, DigiCert may even send you a list of certificates and Order_IDs, but we cannot confirm that at this time. You can certainly go to DigiCert, check the certificate, and claim the Order_ID from them.
