Certificate reissuance is a process in which the a user generates a new private key and CSR for an existing certificate. A user may need to proceed with certificate issuance if he loses or deletes his private key. If they want to change any of the certificate information, or if they want to change the certificate's encryption level. Once re-issuance process is complete, a new digital certificate is produced. 


An operator can initiate reissue requests from the web portal. See Reissue Requests.


This section lists all the reissue requests.

A user will be required to agree to a Subscriber Agreement while certificate reissuance. 


Expand Requests > Reissue Requests from the left menu pane. The Reissue requests listing will appear. The Request By section will display Citizen ID below the user name if it is enabled in the Configurations > Default Settings.



If vetting is enabled from the configurations section, rekey requests initiated from the web portal can be approved from the admin portal. 


  1. Expand Requests >  Certificates from the left menu pane,
  2. Click the button against the certificate that you want to rekey and click on More Actions. 



  1. Certificate action screen will be displayed. Select Reissue Certificate from the drop down, click the confirmation and then click View Request. 



  1. The Certificate Signing Request (CSR) screen will appear. Upload a valid CSR, and then click >. 



  1. You will be navigated to the SDN screen. Click >.



  1. The SAN screen will appear. Click > to proceed.



  1. Then the Certificate Validity screen will appear. Click > to proceed. 



  1. The Domain Ownership Verification screen will appear. The Domain Verification Status will appear Unverified. Click Verify to proceed. 



  1. Once the status is Verified, click Reissue. 



  1. You can add an optional message and click Reissue.  



  1. The Certificate Generated roaster message will appear and the certificate will appear in the Reissue requests listing. 


From the Reissue Requests, you can perform the following actions:

Click to perform a number of actions including view activity, request and old request. 

Click on Request Activity to see the activity performed against this request. 



Click and then click Details. 



The Details will appear as displayed below:



Second Factor Authentication 


If second factor authentication is enabled on certificate requests, the configured authentication mechanism will function accordingly. When a user clicks on the Generate button, the authentication window will appear, and once it accepts the selected method, it will generate a certificate. 


The authentication mechanism can be one of the following:


  • SMS OTP Authentication 
  • Email OTP Authentication 
  • Email & SMS Authentication
  • SAML Authentication 
  • Active Directory Authentication 
  • Azure Active Directory Authentication
  • OIDC Authentication