Support / KnowledgeBase

 
Search the KnowledgeBase Search

HOWTO: Installing a new 3rd Party SSL

  • Applies to: All Service Types

  • Difficulty: Easy

  • Time needed: 5 minutes

  • Tools needed: None

 
Although we offer GeoTrust QuickSSL certificates on all of our (mt) hosting services, you can always order your own SSL certificate from a different vendor (GoDaddy, Verisign, Thawte, etc). Regardless of which provider you choose, the steps are the same on this side:
  1. Generate CSR
  2. Submit CSR to 3rd Party CA and fills out appropriate forms
  3. Receive Certificate (and Chain Cert if applicable) from CA
  4. Import Certificate (and Chain Cert if applicable)

FAQ

Q: I have followed your article and the certificate reports the error "Invalid/Unrecognized Certificate." How can I fix this?
A: This usually happens when your Third-party SSL requires a Chain Certificate.

Details to accomplish this on specific service packages are specified below.
(gs) Grid-Service
(dv) Dedicated-Virtual Server
(ss) Shared-Server


(gs) Grid-Service

  1. Generate CSR
    • Log into your AccountCenter
    • Select your (gs) primary domain.
    • Select  "SSL Certificate"




    • Select "generate new CSR"
    • Fill out the "Certificate Signing Request Information" fields. This is the information that will be used to generate the CSR. Contact your SSL vendor if you have any questions as to how to fill these fields out since they will be the entity that verifies your company's information prior to assigning the SSL certificate.




    • When all the fields above are filled in, select the "generate" button.
    • The next page will have a section labeled "CSR". In a window to the right of this label, you will find the generated CSR. You can copy the CSR from here and paste it into the proper field in the next step. Make sure you copy the entire CSR including the Leading and ending lines.




  2. Submit the CSR to your 3rd Party CA and fill out the appropriate forms
    • Log into AccountCenter
    • Select your (gs) primary domain.
    • Select "SSL Certificate"
    • Select "view current csr"
    • Obtain the CSR you generated in "step 1" above. Your Certificate Authority (CA) of choice will require you to submit the CSR and fill out forms on their webpage. Please follow their instructions carefully and submit the CSR in the appropriate fields.
    • When you are asked for the 'Web Server Software' type, enter 'Apache' (for Verisign), 'Apache_OpenSSL' (for Thawte), or 'Apache + Open SSL' (for GeoTrust).
  3. Receive Certificate (and Chain Cert if applicable) from CA
    • After you have submitted the CSR to your CA, the next step is to wait for them to process your request and send you the actual SSL certificate.
    • Depending on your vendor, they may send you a Certificate accompanied by one or several Chain Certificates.
    • If you do not receive your certificate in a timely manner, please contact your CA regarding the status of your SSL order.
    • Once you receive your SSL certificate, proceed to step 4.
  4. Import Certificate (and Chain Cert if applicable)
    • Log into AccountCenter
    • Select (gs) primary domain
    • Select "SSL Certificate"
    • Select "import certificate"
    • Open your SSL with a plain text editor
    • Copy the certificate from the text editor and paste it in the "Certificate" field in your (gs) AccountCenter.




    • If you were also given any Chain Certificates by your CA:
      • Open all your assigned Chain Certificates with a text editor
      • Copy and paste their contents into "CA/Chain Certificate" field.
        • If more than one Chain Certificate provided, make sure to paste them all into this field one after the other.
    • Select the save button.
      • Once your certificate(s) is/are imported, the process is complete
        • Please note: Although your new SSL certificate loads immediately on the (gs), upon completing the process above, your site gets reassigned to a unique IP address. Please allow up to 24 hours for propagation before using your new SSL certificate.
        • If your DNS is being handled elsewhere, please make sure to update your records to reflect the IP changes to your site.
          • You will find any IP updates in your AccountCenter under "DNS Zone- Edit Zone"
This completes the process for the (gs).



(dv) Dedicated-Virtual Server

SSL certificates need to be assigned to their own unique IP. If you are hosting more than one domain on your (dv) service, you will need to purchase an IP address solely for the domain associated with this SSL certificate. You may do so by submitting a support request from within your AccountCenter. We recommend you do this prior to beginning the following steps.
  1. Generate CSR
    • Log into Plesk.
    • Select "Server"
    • Select "Certificates"




    • Select "Add New Certificate"
    • Fill in the Appropriate fields
      • Assign a name to the certificate by filling out the "Certificate Name" field.
      • Fill out the "Preferences" fields. This is the information that will be used to generate the CSR. Contact your SSL vendor if you have any questions as to how to fill these fields out since they will be the entity that verifies your company's information prior to assigning the SSL certificate.
        • We recommend selecting "2048" in the bits section




      • When all the fields above are filled in, select the "Request" button.
  2. Submit CSR to 3rd Party CA (certificate authority or certification authority) and fill out appropriate forms
    • Log into Plesk.
    • Select "Server"
    • Select "Certificates"
    • Under "Certificate Name", select the name you assigned your CSR in step 1 above.
    • Scroll down to obtain the CSR you generated in step 1 above. Your Certificate Authority (CA) of choice will require you to submit the CSR and fill out forms on their webpage. Please follow their instructions carefully and submit the CSR in the appropriate fields.




    • When you are asked for the 'Web Server Software' type, enter 'Apache' (for Verisign), 'Apache_OpenSSL' (for Thawte), or 'Apache + Open SSL' (for GeoTrust).
  3. Receive Certificate (and Chain Cert if applicable) from CA
    • After you have submitted the CSR to your CA, the next step is to wait for them to process your request and send you the actual SSL certificate.
    • Depending on your vendor, they may send you a Certificate accompanied by one or several Chain Certificates.
    • If you do not receive your certificate in a timely manner, please contact your CA regarding the status of your SSL order.
    • Once you receive your SSL certificate, proceed to step 4.
  4. Import Certificate (and Chain Cert if applicable)
    • Log into Plesk.
    • Select "Server"
    • Select "Certificates"
    • Under "Certificate Name", select the name you assigned your CSR in step 1 above.
    • Open your SSL with a text editor.
    • Copy the certificate from the text editor and paste it in the "Certificate" field within Plesk.




    • If you were also given any Chain Certificates by your CA:
      • Open all your assigned Chain Certificates with a text editor
      • Copy and paste their contents into "CA Certificate" field.
        • If more than one Chain Certificate provided, make sure to paste them all into this field one after the other.
    • Select the save text button.
The process of importing your certificate is now complete. But on the (dv)product line, the following 5 steps are required as well to assign the certificate to a domain.
  1. Provisioning New IP on Server thru Plesk
    (Note: SSL certificates need to be assigned to their own unique IP. If you are hosting more than one domain on your (dv) service, you will need to purchase one solely for the domain associated with this SSL certificate. You may do so by submitting a support request from within your AccountCenter.)
    • Log into Plesk
    • Select "Server"
    • Select "IP Addresses"
      • Note that your new IP is not currently listed
    • Select "Reread IP"
      • This will cause the IP to be listed




  2. Provisioning New IP to Client IP Pool
    • Select "Clients"
    • Select the client that has the domain in question assigned to it.
    • Select "IP Pool"
    • Select "Add New IP Address"
    • Select the newly acquired IP from step 1 above




    • Select "OK" button
      • This now makes the IP available to the Plesk Client
  3. Configure Plesk to join Certificate with Exclusive IP
    • From the last screen in step 2 above(after Selecting "OK" button), select the IP that was just added.
      • If you have closed the window Select
        • Select "Clients"
        • Select the client that has the domain in question assigned to it.
        • Select "IP Pool"
        • Select the IP that was just added.




      • From the dropdown menu, select your new SSL certificate to install.
      • Select "OK" button.




  4. Assign domain to IP (with Cert)
    • Select "Domains"
    • Select the domain that pertains to the new SSL certificate
    • Select "Setup"
    • From the drop down menu, select the newly added IP.




    • Select "OK" button.
  5. DNS Change
    • Login to AccountCenter
    • Select the domain associated with the SSL certificate
    • Under "DNS Zone" select Point to Another Server
    • Along the left side, select the radio button that pertains to the domain in question.
    • Along the right side, select the exclusive IP to point the domain to from the drop down menu.
    • Select the "next" button.




    This completes the process for the (dv)



(ss) Shared-Server

  1. Generate CSR
    • Log into the AccountCenter
    • Select admin for your (ss) account
    • Log into (ss) web control.
    • Select SSL Settings




    • Select Generate
    • Fill out the Generate SSL Certificate fields. This is the information that will be used to generate the CSR. Contact your SSL vendor if you have any questions as to how to fill these fields out since they will be the entity that verifies your companys information prior to assigning the SSL certificate.




    • When all the fields above are filled in, select Save button.
    • The next page will have a section labeled Request. This section will have the generated CSR. You can copy the CSR from here and paste it into the proper field in the next step. Make sure you copy the entire CSR including the Leading and ending lines.




  2. Submit CSR to 3rd Party CA (certificate authority or certification authority) and fills out appropriate forms
    • Log into the AccountCenter
    • Select admin for your (ss) account
    • Log into (ss) web control.
    • Select SSL Settings
    • Obtain the CSR you generated in step 1 above. Your Certificate Authority (CA) of choice will require you to submit the CSR and fill out forms on their webpage. Please follow their instructions carefully and submit the CSR in the appropriate fields.
    • When you are asked for the 'Web Server Software' type, enter 'Apache' (for Verisign), 'Apache_Open SSL' (for Thawte), or 'Apache + Open SSL' (for GeoTrust).
  3. Receive Certificate (and Chain Cert if applicable) from CA
    • After you have submitted the CSR to your CA, the next step is to wait for them to process your request and send you the actual SSL certificate.
    • Depending on your vendor, they may send you a Certificate accompanied by one or several Chain Certificates.
    • If you do not receive your certificate in a timely manner, please contact your CA regarding the status of your SSL order.
    • Once you receive your SSL certificate, proceed to step 4.
  4. Import Certificate (and Chain Cert if applicable)
    • Log into the AccountCenter
    • Select admin for your (ss) account
    • Log into (ss) web control.
    • Select SSL Settings
    • Select Import.
    • Open your SSL with a plain text editor.
    • Copy the certificate from the text editor and paste it in the Certificate field in your (ss) WebControl.
    • Select the save button.
    • If you were also given any Chain Certificates by your CA
      • Log into your AccountCenter
      • Open a Support Request requesting that these Chain Certificates be imported to your service
      • Open all your assigned Chain Certificates with a text editor
      • Copy and paste their contents into your Support Request
      • Submit Support Request. Your certificates will be installed in a timely manner.
        • Once your certificate(s) is/are imported, the process is complete

Please note: your (ss) server reloads at 4:00 am every morning (Pacific Time Zone). After your import process is complete, you will have to wait until this reload happens before you may begin using your SSL certificate.

This completes the process for the (ss).

Revisions:

09-21-2009: More Minor Fixes. Rewrite pending.
07-20-2009: Minor Fixes
 

User Comments

No visitor comments posted. Post a comment

Fields marked with an asterisk(*) are required. Comment on this article

Fill out the form below if you would like to comment on this article.
 
 
 

(code is not case-sensitive)
 
Submit
 

User Opinions (5 Votes)

  • 100%
  • 0%
Was this article helpful?
Rate it
 
 

Continue