How to replace a Code Signing Certificate purchased through Acmetek.

Sometimes if a certificate was not backed up and one of the following changes was made, you may need to replace your Code Signing certificate:

  • A computer crash.
  • Original computer is no longer available.
  • Changes to the computer’s browser or profile.
    Note: All replacements are free of charge for as long as the certificate is valid.

For whatever reason depending on your Code Signing Certificate you will have to perform the following replacement instructions to that Code Signing Certificate product.

In this article you will find instructions on how to replace either Microsoft or Java Code Singing Products. Depending on your Code Signing product will determine how to replace your Code Signing Certificate.


How to replace a Code Signing Certificate for Microsoft Authenticode/Office-VBA CodeMicroSoft MicroSoft Office

Some things to know before you start:

  1. Certificate replacement for Microsoft Authenticode/Office-VBA Code Signing is conducted in your browser. When performing this replacement for your code signing certificate it is required to use either Firefox or Internet Explorer Browser for the initial replacement and pickup after the new replacement certificate has been issued.
  2. The En-roller/Re-placer is actually creating the private key pair within their browser. It is important to keep this in mind for the following reasons…
    • Once the certificate gets issued a email will be sent to the Technical Contact with instructions to click on a link in order to pick up their Microsoft code signing product. That link must be Clicked-on/Copy-Pasted into the same System/Browser that was used for the initial enrollment of the code signing certificate.
    • If the En-roller/Re-placer – Admin Contact is different than the Technical Contact that email must be forwarded to the replacement system in order to Clicked-on/Copy-Paste the link  into the same System/Browser that was used for the initial enrollment of the code signing certificate.
  3. After the replacement has been conducted the technical contact will receive an email on picking up the replacement certificate. The certificate pickup link must be Click-on/Copy-Paste the link  into the same System/Browser that was used for the initial enrollment of the code signing certificate.
  4. Once you get confirmation in your browser that the code signing certificate has been installed you can begin your signing or export/backup the code signing certificate and distribute it to your developers.

Performing the replacement for Microsoft Code Signing:

  1. Visit the following page: http://products.websecurity.symantec.com/orders/orderinformation/authentication.do
  2. Enter the requested information:
    1. Fully qualified domain name (Common Name) of the certificate (enter Organization Name for Code Signing) OR Your Order number for this Code Signing Certificate
    2. A contact e-mail address listed in the certificate order (Corporate or Technical Contact).
    3. The 5-digit number displayed in the image.
  3. Click Continue.
    A list of all certificates that meet the Common Name and contact e-mail criteria will appear.
  4. On the Order Information page, select Request Access for the appropriate order you wish to replace.
  5. An order access Authentication email will be sent to the Admin or Technical Contact on the order depending on what email you specified. Click on the link it provides to access your User Portal.
  6. Within the User Portal, click Reissue Certificate on the left hand column.
  7. For best compatibility with operating systems leave Signature algorithm at default.
  8. Select Local CSR Generation.
  9. Fill out the requested information and submit the order.
  10. After some quick processing time new Replacement Certificate will be issued to the Technical contact on the initial order.
  11. Remember in order to pick up the certificate.. The certificate pickup link must be Click-on/Copy-Paste the link  into the same System/Browser that was used for the initial Replacement of the code signing certificate.
  12. Once you get confirmation in your browser that the code signing certificate has been installed you can begin your signing or export/backup the code signing certificate and distribute it to your developers.
  13. For instructions on how to export/backup your code signing certificate click on one of the links below for the corresponding browser you used.
    How to export a certificate from Firefox
    How to export a certificate from Internet Explorer

With your new Microsoft Code Signing certificate you will sign your windows based applications. For actual signing procedures, support and more information on how to code contact Microsoft.


How to replace a Sun Java Code Signing Certificate

Some things to know before you start:java-logo

  1. Unlike Microsoft Code signing a new Keystore and CSR must be manually created from the Java Software Development Kit SDK, Keytool.
  2. If you require instructions and procedures to go about the creation of this Keystore/CSR please refer to Steps 1 & 2 of our article Java Code Signing Certificate Guide
  3. Certificate replacement for Sun Java Code Signing is conducted Must be conducted in a Firefox Browser for the initial replacement.
  4. Once the replacement certificate gets issued an email will be sent to the Technical Contact with the certificate located at the bottom of the email. That will have to be reinstalled back into the .jks keystore where the CSR for the replacement was created.

Performing the replacement for Sun Java Code Signing:

  1. Visit the following page: http://products.websecurity.symantec.com/orders/orderinformation/authentication.do
  2. Enter the requested information:
    1. Fully qualified domain name (Common Name) of the certificate (enter Organization Name for Code Signing) OR Your Order number for this Code Signing Certificate
    2. A contact e-mail address listed in the certificate order (Corporate or Technical Contact).
    3. The 5-digit number displayed in the image.
  3. Click Continue.
    A list of all certificates that meet the Common Name and contact e-mail criteria will appear.
  4. On the Order Information page, select Request Access for the appropriate order you wish to replace.
  5. An order access Authentication email will be sent to the Admin or Technical Contact on the order depending on what email you specified. Click on the link it provides to access your User Portal.
  6. Within the User Portal, click Reissue Certificate on the left hand column.
  7. Select the Hashing Algorithm, and enter the new Certificate Signing Request (CSR).
  8. Fill out the requested information and submit the order.
  9. After some quick processing time new Replacement Certificate will be issued to the Technical contact on the initial order with the certificate located at the bottom of the email. This will have to be reinstalled back into the .jks keystore where the CSR for the replacement was created.
  10. If you require instructions on how to perform this installation please review Steps 3 & 4 of our article Java Code Signing Certificate Guide

For actual signing procedures and information on how to code view Oracles Tech notes using Jarsigner.

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »