What Do I Do If I’ve Lost My Private Key?

“I’ve lost my private key!”

The private key for your SSL.com certificate is important, sure – but losing it is far from the end of the world. So relax. You’re going to be fine – since SSL.com can reissue any certificate you’ve purchased from us, at any time during the purchased term of that certificate, as a completely free service.


 

“When should I have my certificate reissued?”

A real-world enterprise has to consider how it manages the distribution, retrieval and changing of physical locks and keys – a company with many employees and high-priced products will need more control than a one-person kiosk at a weekend flea market.

Similarly, your own circumstances should help suggest how to handle your private key. You should of course always keep transactions involving sensitive data secure, and  since the private key is so vital to this, SSL.com suggests always “re-keying” your certificate if:

  • A security incident occurs (or is believed to have occurred) on your server (or any other computer where the private key is used or stored).
  • A staff member with access to your private key leaves.
  • The private key file is deleted, destroyed or lost.

It is good security practice to rekey your certificates on a regular basis as well. Again, your schedule should reflect the value you place on the assets you are protecting with the certificate.

When rekeying, you will need to generate a new CSR (use the same information as your original request) using a new private key.

The private key is not sent when you submit your CSR to SSL.com, and neither SSL.com nor anyone else should ever have access to your private key.

 

“How do I generate a new CSR?”

Windows users can download our SSL Manager tool to help streamline this process. Alternatively, use one of the helpful tutorial articles from our knowledge base to guide you. (If you have any questions or need assistance just contact us via live chat at SSL.com or email us at support@ssl.com.)