Rekeying a certificate generates a new key and certificate with the same name and expiration date as an existing certificate. Rekeying is used if an existing key is lost or compromised. 


This section lists all the rekey certificate requests pertaining to SigningHub. 


As a pre-requisite the rekey certificate option should be enabled in the Policy section from the admin portal.  

A user will be required to agree to a Subscriber Agreement while rekeying a certificate. 


To rekey a certificate from the web portal:


  1. Expand SigningHub > Issued Certificates. 
  2. Click the button against the certificate that you want to rekey and click on "More Actions". 



  1. Certificate action screen will be displayed. Select Rekey Certificate from the drop down, click the confirmation button and then click View Request. 



  1. The request will appear on the screen. Click Next and move to the second stepper. 



  1. The Certificate Validity screen will appear. Click Rekey. 



  1. Click Rekey and you will be navigated to the Certificate Rekey screen. You can add an optional message, and then click Rekey.



  1. The certificate will appear in the Desktop Signing Rekey Requests listing. 


Second Factor Authentication 


If second factor authentication is enabled on certificate requests, the configured authentication mechanism will function accordingly. When a user clicks on the Generate button, the authentication window will appear, and once it accepts the selected method, it will generate a certificate. 


The authentication mechanism can be one of the following:


  • SMS OTP Authentication 
  • Email OTP Authentication 
  • Email & SMS Authentication
  • SAML Authentication 
  • Active Directory Authentication 
  • Azure Active Directory Authentication
  • OIDC Authentication