Replace CSR automatically revoked our certificate

We are planning to launch our site tomorrow Monday and switched OS’s a few days ago (went from Ubuntu to CentOS). We transfered all Comodo certificate files (and our key) to the new server setup however we were having issues when viewing the site…it was saying the site is authorized by unknown etc. So we assumed we needed to generate a new CSR due to the OS change etc. (not the case we found out) and in doing so it revoked our certificate (frustrating, one would think the certificate would not be revoked until the new one is authorized especially if there is no reason to revoke it thus there is no down time in service). We later found out that CentOS’s httpd has another file that was overriding our settings for the SSL certificate, now we are stuck attempting to launch tomorrow…with no valid certificate for our site. We have attempted to contact Comodo support but no one is in on Sunday it seems. Is there any way to “un-revoke” the original certificate?

Hello,

You’re going to want to submit a support ticket via https://support.comodo.com and someone can issue your replaced certificate. You’ll just need to provide your domain name or order number in the support ticket. You might want to bring up about the old certificate being revoked and ask Tech Support to check the CRL for your existing certificate as it shouldn’t be on the CRL.

Also, the “Authorized by Unknown” you speak of is a Firefox 3 feature. – How do I tell if my connection to a website is secure? | Firefox Help

Just got your voicemail so I have everything I need. Unfortunately, your “old” certificate is on the CRL and I do apologize about that. Since this is an EV certificate, I’ll get your voicemail to the EV department and they can handle it further.

You can still use your “old” certificate, but it will come up revoked on the site. If you get that message, you know the certificate is set up correctly. Then when you get this new certificate, it’ll just be a simple edit in your conf file(s).

Thanks for the quick response Sal! How long can I expect it to take to get the certificate off of the CRL or the new one so I can let my business partners know. I will put the old certificate back and see if we can still use the site in the mean time. Thanks!

Looks like we will have to use the self signed cert for now as firefox won’t load the page due to the cert being revoked.

Once a certificate hits the CRL, it can’t be taken off. The new certificate should be available between now and 4a. The EV department is closed during the weekends.