IdenTrust Inc. Logo
Home | My Account | Contact Us  

SUPPORT GENERAL ACES ECA IGC SSL TRUSTID
REPLACING A CERTIFICATE FAQ's

Support > Most Popular: Replace


There are some circumstances in which your certificate may become unusable. In some cases, access to your certificate can be restored, but in other cases it will be necessary to replace the certificate. When a certificate is replaced, the old certificate is revoked.

Select from these frequently asked questions about replacing your certificate:
  1. I can’t access my certificate. What should I do?
Internet Explorer users:
  1. Do I need to replace my certificate?
  2. How do I replace my certificate?
1. I can’t access my certificate. What should I do?
If you have an ACES, or TrustID certificate that you cannot use, you may need to replace the certificate. Please see “Do I need to replace my certificate?” below.

If you have a DOD ECA s-Certificate or t-Certificate, a key recovery will need to be done. These certificates cannot be replaced.

If you cannot access your account with us because you have forgotten your IdenTrust Account passphrase, you can reset your passphrase at the Certificate Management Center. You do not need to replace the certificate in this case.

2. Do I need to replace my certificate? (Internet Explorer)
You can determine whether your certificate needs to be replaced by trying to export the certificate. (If you need more detailed instructions for exporting the certificate, please see the how-to export section of the FAQs).
  1. Close all open Internet Explorer windows, and open a new one.
    Click on Tools, then on Internet Options.
    Click on the Content tab, and then on the Certificates button.
    Your certificate should be listed under the Personal Tab. If it is not there, either the certificate was retrieved on a different computer (or browser), or it has been deleted. If you cannot find your certificate on another computer, you will have to replace the certificate.


  2. If your certificate is there, select it by clicking once, then click Export.
    The Certificate Export Wizard will pop up. Click Next.
    If the “Yes, export the private key” option is grayed out, your computer has deleted the private key and you will have to replace the certificate


  1. If the “Yes, export the private key” option is available, make sure it is checked, and then click Next.
    Make sure the “Enable strong protection” box is checked.  Put a check in the “Include all certificates in the certification path if possible” box.  Click Next.
    Type in a password that will be used for exporting and importing this certificate; re-type it in the second box to confirm it.  Click Next.
    Click the Browse button.  Choose the drive and folder where you would like to store the exported file, and type in a file name.  Click Save.  Click Next. Click Finish
    A window will pop up; enter your password. If the password is not accepted, confirm that you are using the correct password – this should be the CryptoAPI Private Key password that you created when you originally retrieved your certificate online (the password you use to access your certificate), and not your account passphrase. Confirm that caps-lock is not on.



    If your password is still not accepted, you will need to replace your certificate.
If your password is accepted, a window will pop up saying that your export was successful; click OK.  You do not need to replace your certificate.

Back to top

3. How do I replace my certificate? (Internet Explorer)
Once you have determined that your certificate needs to be replaced (see “Do I need to replace my certificate?” above), replacement is a three-step process: removing the corrupted certificate from your computer, replacing the certificate, and verifying replacement.

1. Remove the corrupted certificate from your computer
  1. Close all open Internet Explorer browser windows.
  2. Open a new Internet Explorer Browser window.
  3. Click on Tools. (If you are using Internet Explorer 7.0, you will find Tools on the top left of your screen. If you are using Internet Explorer 7.0, Tools is hidden on the top right of your screen behind a double arrow.)



  4. Click Internet Options at the bottom of the pull-down menu.
  5. Click the Content tab at the center top of the window.
  6. Click the Certificates button in the middle of the Certificates section.
  7. Find the certificate with your name and certificate type on it under the Personal tab, and select it by clicking on it once.
  8. Click the Remove button.
  9. When you get the message “You cannot decrypt data encrypted using this certificate. Do you want to delete the certificate?” click Yes.
  10. Click the Close button at the bottom of the screen.
  11. Click the OK button on Internet Options
  12. Close Internet Explorer completely.
2. Replace your certificate
  1. Log into Certificate Management Center by clicking on the orange Login on the left side of your screen. When you are asked for a certificate to log in with, click Cancel. Enter your account number (which can be found on the letter you received when you first retrieved your certificate) and your IdenTrust account passphrase.
  2. In the drop-down box under the listing for your “Valid Certificates” select “I would like to replace my certificate,” and click Continue.
  3. Follow the onscreen instructions to retrieve the new certificate.
    You will be given a new activation code to use during this retrieval process; be sure to write down this activation code.
    At the end of the retrieval, you will need to verify the installation. This will fail the first time (because you had to click Cancel in step 2a), but you will receive instructions to retry and successfully verify the retrieval.
3. Verify certificate replacement
  1. To verify certificate replacement, go to https://secure.identrust.com/tsapp/retrieve-verify-instr.jsp using the computer and browser in which you have your certificate.
  2. A window that says “Congratulations, Certificate Retrieval Completed Successfully” should pop up. Click Finish.
  3. If you do not receive this Congratulations message, call our support line. You should have access to your computer when you call, so our representative can guide you through alternative certificate replacement steps. Let the representative know that you have followed all the steps in this FAQ, and whether you experienced difficulty with any of the steps.
Back to top



RELATED CONTENT
Certificate Management Center
Application Status
FAQ: Before You Buy
HOW-TO: Backup a Certificate
HOW-TO: Replace a Certificate
FAQ: General
FAQ: ACES
FAQ: ECA
FAQ: IGC
FAQ: TrustID
PKI Basics
Certificate Security and Protection
Help using your Certificate
Change Control Schedules
Support Main
 

FEDERAL AGENCY PROGRAMS
Department of State
D-Trade
Department of Treasury IRS
Secure Data Transfer
MeF Electronic Filing Certificate
General Services Administration
eOffer

STATE AGENCY PROGRAMS
Florida
City of Tallahassee
Department of Transportation
JCalendar for State Court Systems
Maine
West Virginia
Department of Environmental Protection
Virginia
Department of Transportation (VDOT)
Department of Mines Minerals and Energy (DMME)
IdenTrust, Inc. BBB Business Review WebTrust WebTrust Baseline EHNAC EHNAC GSA Schedule SOC
© IdenTrust, Inc. All Rights Reserved.    Home | Contact Us | Legal Policies