Rekeying a certificate generates a new key and certificate with the same name and expiration date as an existing certificate. Rekeying is used if an existing key is lost or compromised. 


This section lists all the rekey certificate requests pertaining to the Virtual ID. 


As a pre-requisite, the rekey certificate option should be enabled in the Policy section from the admin portal.  

A user will be required to agree to a Subscriber Agreement while rekeying a certificate. 


To rekey a certificate from the web portal:


  1. Navigate to the "Virtual ID" and click "Issued Certificates". 
  2. Click the button against the certificate that you want to rekey and click on "More Actions". 



  1. Certificate action screen will be displayed. Select "Rekey Certificate" from the drop down, click the confirmation button and then click "View Request". 



  1. The certificate request will appear on the screen. The Welcome Note screen will appear. Click next.



The Subject Distinguished Name (SDN) screen will be displayed. 



The Certificate Validity screen will appear. Click next. 



Click "Rekey", a certificate rekey confirmation will appear. You can enter an optional message, then click "Rekey". 



The certificate generated message will appear. 



The certificate will appear in the Virtual ID Rekey Requests listing. 


Second Factor Authentication 


If second factor authentication is enabled on rekey requests, the configured authentication mechanism will function accordingly. When a user clicks on the Rekey button, the authentication window will appear, and once it accepts the selected method, it will generate a certificate. 


The authentication mechanism can be one of the following:


  • SMS OTP Authentication 
  • Email OTP Authentication 
  • Email & SMS Authentication
  • SAML Authentication 
  • Active Directory Authentication 
  • Azure Active Directory Authentication
  • OIDC Authentication