Loading...

Knowledge Base

SSL Certificate: Installation Steps

Securing your website with an SSL certificate ensures trust and Security for your website visitors. This article provides step-by-step guidance on installing SSL certificates through your Account Manager.

In this article, we will discuss:

How to Purchase SSL

Take the following steps:

  1. Login to your Account Manager.
  2. Click Marketplace under SSL Certificate, and press CHOOSE YOUR PLAN.

    scripting config

  3. This will give you a summary of services offered under the SSL Certificate.
  4. Review and choose the right SSL Plan and features you need. Click BUY NOW.

    scripting config

  5. Click BUY NOW.
  6. Proceed with the checkout and payment.

After purchasing an SSL, please proceed to the section How to Configure SSL.

How to Configure SSL

The configuration of the SSL will cover 3 main steps, and they are as follows:

  1. Configure Domain 
  2. Provide CSR 
  3. Provide Validation Information 

Step 1: Configure Domain 

  1. If you are not automatically redirected to the Account Manager after an SSL Purchase, please log in to your Account Manager.
  2. Click Security on the left navigation menu. 
  3. If you have more than one SSL certificate in your account, choose a package name and click the vertical ellipsis under Actions to Manage or see the product details.

    Note: The SSL Control Panel will open in a new browser window. If your browser has pop-up blocking activated, please modify your browser settings.
  4. You will then be asked to assign a domain name.
     
    Important: Ensure you issue your SSL to the exact version of the domain or subdomain you want to assign it to (e.g., example.com, www.example.com, or store.example.com). 
  5. Once you have entered the domain name, re-enter the domain name one last time. 
    Note: The SSL Control Panel will open in a new browser window. If your browser has pop-up blocking activated, please modify your browser settings.
     
  6. The system would perform a verification check to see if the domain entered is assigned as a domain pointer to a hosting package managed by Web.com. If Domain.com does not host your website, you will be asked to choose a server type and input a CSR (Certificate Signing Request). 

If the domain is pointed to our hosting, the server type is determined by the package it is assigned to (Windows- IIS or UNIX- Apache). Moreover, the CSR for your shared hosting package is generated automatically on the back end and attached to the validation request so the certificate files can be created post-validation. 

Step 2: Provide CSR 

The CSR is the key to the SSL certificate. It houses everything about the server, organization, domain, private key, and encryption strength related to the SSL. It is the basis for how the SSL installation files are created and what dictates the handshake to make the secure connection through the browser session. 

If a 3rd party provider hosts your website, you are responsible for providing the CSR for validation. If Domain.com hosts your website, this step is already taken care of on the back end during the configuration process. 

Follow the steps below if Domain.com does not host your website, but you have purchased our SSL product: 

  1. Select the server software type provided by your current hosting provider. 
  2. Enter the CSR your current hosting provider provided into the Enter CSR From Web Host field. 
  3. Click the Continue button.

    scripting config

Step 3: Provide Validation Information 

  1. Now that you have assigned your domain and provided your CSR select and create a validation email address to receive the validation code and confirmation URL.

    scripting config

Note: If you have enabled Private Domain Registration on your domain, we do not advise you to disable the PDR to complete the validation process. Disabling Private Domain Registration will expose your contact information in WHOIS. Other methods of validation outside of email verification are available. You must configure email validation first; the support agent can change your method.

Other Validation Methods 

HTTP/.txt file—When Web.com manages all certificate components (Domain, Hosting, and SSL), we will automatically create a .txt file based on the MD5hash and SHA256 components of the CSR and upload it to the webspace via FTP. This method allows this file to be verified and expedites SSL issuance. (You can also create this manually and upload it.) 

CNAME—This method is becoming the preferred method due to the challenges with email. You will be provided with a CNAME to be added to your DNS Zone provider, or our support agent can assist you in updating your DNS records if your website is hosted by Web.com. You or our support agent can add the CNAME via the Account Manager for verification and SSL issuance. Please see the section on how to update CNAME Records for Validation.

Completing Validation Next Steps for Domain Validation Certificates 

Validating Email 

After completing the steps, you will receive an email containing a secure link to activate validation to generate the SSL and issue the files. Clicking the link will notify the Validation team within an hour of the confirmation being complete. 

Validating via CNAME 

For each SSL validation request, a unique CNAME is generated. Our support agent will provide you with the CNAME and inform you of the next steps. No email confirmation is needed to validate via CNAME. The validation team may take 1-2 hours to confirm this. Please see the How to Update CNAME Records for the Validation section. 

Validating via HTTP TXT File 

A special unique MD5 Hash Code is generated for each SSL validation request. Our support agent will take this information and create a .txt file to upload into your FTP site files. No email confirmation is needed to validate via HTTP. It may take 1-2 hours for the Validation team to confirm this. 

Additional Steps for Organization, Extended Validation, and Wildcard SSL 

In addition to the steps listed for Domain Validation certificates, additional information will be required for OV and EV certificates. OV and EV will require an additional form to be filled out, including details associated with the business or organization, which will be included in the files issued for the SSL. All fields are required unless specifically noted. 

Completing Validation Next Steps OV, EV, or Wildcard Certificates 

Validating Via Email 

After completing the steps, you will receive an email containing a secure link to activate validation to generate the SSL and issue the files. Clicking the link will notify the Validation team within an hour of the confirmation being complete. 

Validating via CNAME 

A special unique CNAME is generated for each SSL validation request. Our support agent will provide you with the CNAME and inform you of the next steps. No email confirmation is needed to validate via CNAME. It may take 1-2 hours for the Validation team to confirm this. Please see How to Update CNAME Records for Validation

Validating via HTTP TXT File 

A special unique MD5 Hash Code is generated for each SSL validation request. Our support agent will take this information and create a .txt file to upload into your FTP site files. No email confirmation is needed to validate via HTTP. It may take 1-2 hours for the Validation team to confirm this.

Validating via Phone Call 

In addition to the validation steps via email, CNAME, or .txt file, you will need to respond to an email that triggers a phone verification call. This automated call is triggered by clicking a link in the phone verification email. Once you click the link, an autodialer will make a call and provide you with a PIN. 

Timeframes 

After the configuration and validation steps are completed, the files will be issued and uploaded to your Account Manager. You will also be notified via email. The SSL validation and issuance timeframe depends on the SSL type and how quickly you complete the validation steps.

Note: You can check the Status of your SSL certificate within the SSL Control Panel. Click on the Status Definitions link to learn more about the Status of your SSL certificate.

scripting config

How to Update CNAME Records for Validation 

Important
  • The steps below only apply if Web.com hosts your website. If it is not hosted by Domain.com, you must contact your current hosting provider to add the CNAME records provided by our support agent.   
  • Please contact support to get your CNAME records. You can contact support via chat by going to www.domain.com and clicking the Contact Us icon. Please indicate that you are validating your SSL Certificate via CNAME validation. 
  • Once you receive an email with the CNAME information, follow the steps below to enter the records into your DNS manager. If Domain.com does not host you, you must add the CNAME records to your DNS provider.

To update your CNAME records via the Account Manager, follow these steps: 

  1. Click Domains on the left menu. 
  2. Select the domain assigned to your SSL certificate. 
  3. Scroll down to Advanced Tools and click MANAGE beside Advanced DNS Records

    A pop-up may show saying, "Only advanced users should make updates to their Advanced DNS Manager. Changes to these settings may cause you to lose access to your email and websites." 
  4. Click Continue to proceed. 
  5. Click on the + ADD RECORD button. 
  6. In the Add Advanced DNS Records pop-up: 

    • Select CNAME as the Type
    • Select Other Host in the Refers to drop-down. 
    • Add the Host Name (Host) and Alias (Points to) provided by our support agent via email or chat. Please see the screenshot below of an example of a CNAME record sent via email. 

    Important: Include the underscore "_" at the beginning of the Alias and ensure no extra spaces exist in both the Host Name and Alias.
    • Set the TTL to 2 Hours, which is the recommended value. 

    Note:
    If you are re-issuing or revalidating an SSL Certificate, replace the old record with the new CNAME record. However, if you are unsure if you should remove your existing CNAME record, consult with your DNS provider to ensure you are not removing your records unnecessarily. 

  7. Click the ADD button. 

    Note: CNAME validation may take 24-48 hours based on DNS propagation.
Note: If you are re-issuing or revalidating an SSL Certificate, replace the old one with the new CNAME one. However, if you are unsure if you should remove your existing CNAME record, consult with your DNS provider to ensure you are not removing your records unnecessarily.

Loading...