Rekeying a certificate generates a new key and certificate with the same name and expiration date as an existing certificate. Rekeying is used if an existing key is lost or compromised. 


This section lists all the rekey certificate requests pertaining to Desktop Signing. 


A user will be required to agree to a Subscriber Agreement while rekeying a certificate. 


As a prerequisite, the rekey certificate option should be enabled in the Policy section of the admin portal.


  1. Rekey Desktop Signing Certificate
  2. Rekey Desktop Signing Certificate with CAA Record


Rekey Desktop Signing Certificate


To rekey a certificate from the web portal:


  1. Navigate to "Desktop Signing" and click "Issued Certificates".
  2. Click the button next to the certificate that you want to rekey and click "More Actions".
  3. The Certificate action screen will be displayed. Select "Rekey Certificate" from the drop-down, click the confirmation button and then click "View Request".
  4. The request will appear on the screen. Click "Next" and move to the second step. Click "Rekey" and you will be taken to the Certificate Rekey screen. You can add an optional message, and then click "Rekey".



The certificate will appear in the Desktop Signing Rekey Requests listing. 


Rekey Desktop Signing Certificate with CAA Record 


Navigate to "Certificate Center" and click "Issued Certificates".

Click the button next to the certificate that you want to rekey and click "More Actions".



The Certificate action screen will be displayed. Select "Rekey Certificate" from the drop-down, select the confirmation button 'Are you sure you want to rekey this certificate?' and then click "View Request".



The Subject Distinguished Name (SDN) screen will appear in a disabled form. Click Next.



The Subject Alternative Name (SAN) screen will appear. Click next.



The Certificate Validity screen will appear. Click next. 



The Domain Ownership Verification screen will appear with the CAA record as unverified. Click the Verify button to validate the CAA record. 



Once the CAA record is verified, click Rekey. 



The Certificate Rekey screen will appear. Click Rekey.



Once the certificate rekey process is complete, a certificate will be generated. 
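After a rekey it is worth confirming that the new certificate matches the definition given at the top of this page: same name, same expiration date, different key. The following check is an added example, not part of the product; it assumes the Python `cryptography` package, and `make_cert`, `spki_sha256`, `expiry` and `check_rekey` are hypothetical helper names, with `make_cert` producing constructed sample certificates only.

```python
import datetime
import hashlib

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def make_cert(common_name, not_after, key=None):
    """Build a constructed, self-signed sample certificate (test input only)."""
    key = key or ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(datetime.datetime(2024, 1, 1))
        .not_valid_after(not_after)
        .sign(key, hashes.SHA256())
    )
    return cert, key


def spki_sha256(cert):
    """SHA-256 over the DER SubjectPublicKeyInfo: identifies the key pair."""
    der = cert.public_key().public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return hashlib.sha256(der).hexdigest()


def expiry(cert):
    # Newer cryptography releases expose not_valid_after_utc; older ones do not.
    return getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after


def check_rekey(old, new):
    """Return a list of findings; an empty list means the rekey looks correct."""
    findings = []
    if new.subject != old.subject:
        findings.append("subject changed")
    if expiry(new) != expiry(old):
        findings.append("expiration changed")
    if spki_sha256(new) == spki_sha256(old):
        findings.append("public key reused")
    return findings
```

For real certificates, load the old and new PEM files with `x509.load_pem_x509_certificate` and pass both to `check_rekey`; a "public key reused" finding means the lost or compromised key is still in service.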



Second Factor Authentication 


If second factor authentication is enabled on rekey requests, the configured authentication mechanism will function accordingly. When a user clicks the Rekey button, the authentication window will appear, and once the selected method is accepted, a certificate will be generated.


The authentication mechanism can be one of the following:


  • SMS OTP Authentication 
  • Email OTP Authentication 
  • Email & SMS Authentication
  • SAML Authentication 
  • Active Directory Authentication 
  • Azure Active Directory Authentication
  • OIDC Authentication