From August 19th 2020, SECTIGO issues SSL certificates with a maximum lifetime of 398 days (13 months) as specified by CA/Browser consortium. SSL certificates with a longer lifetime must be re-issued annually (free of charge). You'll receive reminders via e-mail. SSL certificates issued before August 19th 2020 remain valid until their planned expiry date. Code Signing & S/MIME certificates are not affected and remain valid until their planned expiry date.

Code Sigining: CSR Generation (how to generate a CSR for Code Signing locally on your computer)

In the past, Code Signing requests automatically created a CSR/KEY pair inside your browser. Newer browsers don't support this feature anymore, unfortunately.

Fortunately there is an alternative and you can locally create a CSR/KEY pair and copy/paste the CSR when submitting your Code Signing request. After purchasing a code signing certificate and opening the configuration page, click "configure certificate" and when the request form is shown, simply chose "Manually Enter My CSR" and create the CSR on your computer locally, e.g. using java keystore tool:

keytool -genkey -alias server -keyalg RSA -keysize 4096 -keystore keystore.jks

Alternatively, you can use openssl:

openssl genrsa -out private-key.key 4096
openssl req -new -key private-key.key -out csr.txt

Please make sure the "COMMON NAME (CN)" is showing your correct Company Name (e.g. "Acme Ltd"), despite the other address data. For Indie Developers, please enter your first- and lastname instead.

Was this answer helpful?

 Print this Article

Also Read

Multidomain SAN Upgrade: is it possible to purchase additional SAN slots later?

Yes, it is possible to increase the SAN slot count for an existing multi-domain SSL certificate....

Retrieving WHOIS contact details for .de Domains will also sohw the owner contact details (Linux command line...

How do i create /.well-known/pki-validation/... ?

For File Based Authentication, please create a folder structure "/.well-known/pki-validation/"...

Multi-Domain (SAN) certificates: will "" and "" count as two SAN entries?

When using multi-domain SSL certificates www and non-www versions of the domain name are...

Plesk DNS CNAME Validation for PositiveSSL / EssentialSSL / InstantSSL / Sectigo EV ...

The following Screenshot shows how the CNAME DNS entries "CNAME Alias" and "CNAME Point To" need...