Common Issues With A PKI Certificate Update

There are some very important reasons to choose a Certificate Authority (CA) very carefully. One is the issue with the upgrading of software, particularly for browsers and devices.

Not all Certificate Authorities have their root certificates embedded or installed in the trust store of the browsers and devices. This can lead to complications when there is new software installed on the device, but the PKI certificate update doesn't happen automatically.

This can create a situation where the certificates will have to be entered into the device or browser trust center or certificate store again. Not only is this time consuming, but it also may create a very real security issue. If people enter a certificate into their trust store without verifying the CA, they may be installing a fraudulent SSL/TLS certificate that could create a very real risk for hacking or breach of the system's security.

With Comodo, this is not an issue. We are the leading Trust Provider for online SSL/TLS products from digital certificates for personal use with email to specialized products like our UC certificate that is designed for use with Microsoft Exchange and Office Communications servers.

Our SSL/TLS products and digital certificates are recognized by 99.9% of browsers and devices. This makes it very easy to choose our products, complete the Certificate Signing Request or application and the complete the install. To make it even easier our support team and technical team are here to help at every step along the way and throughout the life cycle of the certificate.

Update and Renewal

What tends to cause confusion is the use of the term PKI certificate update. In fact, these certificates will not need to be updated within their lifecycle. What will happen is the SSL (Secure Sockets Layer) cert will be issued for a specific period of time. This period of time will be determined at the time you submit the Certificate Signing Request for a domain product or the application for a Personal Authentication, Email or Client cert.

To clarify, the domain SSL/TLS products provide security for a specific domain, main domain and subdomains or group of main and subdomains. This ensures safe and encrypted transfer of information between the website and the server or between servers.

With the Personal Authentication, Email and Client certs there is style encryption using Public Key Infrastructure the same as the domain certs. However, these provide the option to also digitally sign the email. This is a completely different feature than offered for domain security products.

The digital signature is used to ensure the authenticity of the sender, non-repudiation of the email and contents, and integrity of the information sent in the email and any attachments that are digitally signed. This is required to allow these types of email transfers to be used for legal documents that meet all the security standards required.

Regardless of the type of digital cert, when people talk about a PKI certificate update they are most likely referring to a renewal. The renewal needs to happen before the expiration date on the current certificate to avoid a breach in the encryption (and possible digital signatures) that the cert provides.

What to Do

Comodo will send an email about 60 days before the cert is expiring to let you know that it will need to be renewed. At this time, you may want to consider not a PKI certificate update, but rather an upgrade to a higher validation level or a different certificate to better meet your needs.

Renewal will require generating a new Certificate Signing Request for a domain cert. Once this is done, you can use your current Comodo account to submit the application. In just a few minutes you will have the files needed to complete the install.

With a Personal Authentication Certificates for a business using the EPKI Manager or the Enterprise Public Key Infrastructure Manager or the Comodo Certificate Manager will keep all of the domain and email certs organized. It will also notify you of any pending expiring certificates and allow you to order the certs from the Manager, saving time and streamlining the entire process.

While you will never need a PKI certificate update, Comodo is here to assist with any upgrades, different options or renewal questions you may have. If you want to speak to a sales team member in person give us a call at +1 888 266 6361. We can also discuss volume sales if you require large numbers of certs for employees, domains and clients.

For only help visit us at and just click on the Live Chat icon on any page.

Related Articles
Back to TOP