How to replace SSL certificate in the Thawte Certificate Center (TCC) account

Solution ID:    SO13487    Updated:    12/18/2017


An SSL certificate requires a Public and Private key. The Private key is a critical component and it is stored in your Web server or SSL appliance and cannot be replaced by Thawte. Problems with the private key can include:  

Accidental deletion/removal
Lost Private Key
Server crash
Note: All replacements (for any reason) are free of charge. If you are changing any information on the SSL certificate such as Common Name, Organization, etc. you are not eligible for a replacement and must enroll for a new certificate.

Watch Thawte’s Tutorial Videos for a more visual experience!

Note:  If you are unable to view the video, please click here to go directly to the video source.

Replace Instructions

  1. Visit the Thawte Certificate Center (TCC) login page, enter the account username/password and click the 'Sign in' button.
  2. Select the certificate that needs to be replace from the list, then click the Details tab below. Take note of the following fields:
    • Common Name
    • Organization
    • Organizational Unit
    • State
    • City/Location
    • Country
  3. Under the Status tab, click Replace
  4. Generate a new Certificate Signing Request (CSR) from your Web server using the same information as the original certificate. This includes the following fields:  Organization, Organizational Unit, Common Name, Country, City/Locality & State
    Note: Click here for CSR generation instructions
  5. Select Server Platform
  6. Paste the CSR contents into the text box
  7. Click Continue
  8. Agree to the Subscriber Agreement > click Submit
  9. A confirmation screen with the new order number and certificate validity details will appear. Click the 'Go to Certificate Center' button to return to the Thawte Certificate Center (TCC) to review the status of the certificate reissue.
    Note: If your SSL certificate contains Subject Alternative Name (SAN) entries, you cannot add or remove SAN values or an error will be displayed. You must revoke the current certificate and request a new one with the updated SAN values.


Replacing an SSL certificate does not add the certificate to Certificate Revocation List (CRL) or immediately flag the certificate as revoked status through Online Certificate Status Protocol (OCSP) responder.

The previous issued certificate should be removed from the server or device. Once the latest replacement issued certificate confirmed working, you need to revoke the previous certificate. To revoke an SSL certificate immediately, refer to this solution.



Thawte has made efforts to ensure the accuracy and completeness of the information in this document. However, Thawte makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Thawte assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, Thawte assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Thawte reserves the right to make changes to any information herein without further notice.  

Find Answers

Search Tips