Changing SHA1 root to SHA256 root

After ordering your SSL, it’s advisable to change the root from the SHA1 root hash to SHA256 root. It is a simple process that we will lay out below which can be accomplished in just a few short minutes.

Note: If you find you are not comfortable with reissuing your SSL on your own, feel free to contact Cherry Host for assistance.

Step 1. Typically you would need to generate a Certificate Signing Request (CSR). If for some reason you require assistance with generating a CSR, feel free to click here.

Step 2. Access the RapidSSL/GeoTrust User Portal

  1. Browse to
  2. Provide the following info for User Portal:


  • Enter in either the fully qualified domain name (common name) OR Order ID for the SSL certificate.
  • An email address contained on the order records.
  • The 5 digit code from the captcha image.
  1. Depending on the number of orders you have completed, you may see a list. You only need to select Request Access against the current order ID.
  2. You will have an email sent to the technical contact specified above.
  3. Click on the link in the email to enter the User Portal.
  4. Click on the Reissue Certificate option in the left hand column as listed below.
  1. You will now select the authorized approver for the domain.
  1. After selecting this and going to the next page you will now select the new root hash for your certificate.
  2. Select the subscriber Agreement and click Submit.
  3. After the order has been approved, the certificate will be re-issued with the updated root for the SSL.


  • The Common Name can not be changed with a reissue
  • RapidSSL – requires a manual approval through domain authorization e-mail for certificate re-issuance


Share this post

Share on facebook
Share on twitter

Business Address

10221 Buena Vista Ave
Suite A
Santee, CA 92071

Customer Service Hours

Monday – Friday: 9:00AM – 5:00PM
Saturday & Sunday: 11:00AM – 3:00PM

Eastern Standard Time

Cherry Host Portal

Return to Customer Portal