First, it is important to note that a Code Signing Certificate can only be generated and exported from Firefox. The steps for exporting your code signing certificate and private key in Firefox are as follows: Click the “Open” menu Select “Options” Click on “Advanced” or “Encryption” Under the certificate tab, select “View Certificates” Under Your Certificates, click your certificate name Once highlighted, select “back up all” and enter in your passphrase
The issue lies with either one, two or a combination of both things. First, make sure you are using Firefox as your default browser. If this browser is not used properly, you will receive an error message. Second, please make sure you are using the same PC which generated the order. If you are using a different PC, the certificate will not be able to download because the corresponding private key is missing.
After completing the validation process, the CA will release the certificate from their system and send a ‘collection’ or ‘pick-up’ link to the verified email address. Using the same PC which generated the order and Firefox as the browser, follow the link and download the certificate. Firefox will automatically pull the previous stored private key and install the code signing certificate. After downloading is completed, we recommend exporting the code signing certificate and private key from the browser into a PFX (.p12) file.
In order to utilize the in-browser controls provided by the CA, all applicants who are attempting to generate a code signing certificate must use Firefox as their default browser. If this browser is not properly used, the applicant will receive an Error Message. Due to the amazing in-browser controls provided by the CA, applicants who use Firefox as their browser will be able to automatically generate the CSR and store the private key within Firefox’s file system. This unique private key will automatically be pulled by the corresponding certificate during the installation/download process.
A code signing certificate is technically not an SSL certificate. It is a certificate-based digital signature algorithm that verifies a piece of code has not been altered or corrupted since it was signed by the author. You can think of it as “digital shrink-wrap” that verifies code is authentic, increasing customer trust and willingness to download and install it. All major operating systems like Windows, Apple OS X, and Linux support code signing and use it themselves to ensure malicious code can’t be distributed through the patch system.
Most likely, you did not generate or apply for your renewal certificate. Think of SSL like a passport – when the old one expires you must toss it out and apply for a new one. You should be able to see in your account or via an email how to generate or apply for your new order. If you have generated, make sure that the new certificate was approved and installed in place of the old expiring certificate. If the new certificate is installed, then the issue is with the configuration. Common solutions to this problem are to restart your…
Most likely, you did not generate or apply for your renewal certificate. Think of SSL like a passport – when the old one expires you must toss it out and apply for a new one. You should be able to see in your account or via an email how to generate or apply for your new order. If you have generated, make sure that the new certificate was approved and installed in place of the old expiring certificate.
Depending on the certificate details submitted with your renewal, the Certificate Authority (CA) may be able to use some previously validated information/documents. If this is an EV order, certificates validated more than 13 months are required to complete full business validation again, including providing new documentation. For OV orders, the CA can reuse previous validated information up to 39 months from the original order. Please note that if any details of your organization change, you may be required to provide additional documents.
We recommend that you generate a new CSR to renew your certificate; however, if generating a new CSR proves to be challenging, you can use the original CSR and it will work. The drawback of using the original CSR is that it will be the exact same private key, so it’s a little less secure.
A renewal is basically the same as buying a brand new certificate, “renewal” is simply an industry term that is used by all providers. So, you can go through the exact same purchasing process to renew your certificate. However, if you have access to a “renewal” option when purchasing your SSL certificate, be sure and use that so you get the remaining time rolled over from your expiring certificate to your new renewal certificate.