Complete All Steps Every Time You Renew Your SSL Certificate
- If you are a website hosting client of ours and we’re handling your SSL certificate, then this does not pertain to you since you’re paying us to handle this for you. We may need you to confirm something from time to time but that’s all you really have to do.
- If you are a website hosting client of ours and you are providing your own SSL certificate, then the information on this page is for you. It’s just a few tips to make sure that your SSL certificate is renewed properly and so that your SSL certificate does not expire, causing a warning to pop up in people’s browsers.
After You Pay for the Renewal, You’re NOT Done
We had a client who paid for her SSL certificate renewal at GoDaddy and she thought she was done. We later looked at her website and noticed her SSL certificate was expired. GoDaddy doesn’t do a great job explaining what needs to be done after you purchase an SSL certificate from them. What we need is to have the new certificate generated and then put on our server – you can read more about that procedure below. Just know that after you pay for it, you are NOT done and more steps need to take place.
The Private Certificate and CSR
This is where it gets a little geeky and technical. Grab a cup of coffee.
There are a few parts to an SSL certificate:
- Private key
- Public key
- Certificate Authority (CA) / Intermediate Certificate (sometimes this is optional)
You should never, ever send around your private key. You guard that with your life, pretty much. If you have to send it around, make sure you do it securely – even offline is a good idea (use a flash drive).
In order to generate the public key, you use a Certificate Authority. They’re the company that issues the SSL certificate (which is really the public key part of it). You can use major ones like Thawte, Comodo, GeoTrust, Network Solutions, GoDaddy (Starfield), Trustwave or any well known company.
Since you can’t send the private key, what you send them is something called a CSR which is a certificate request. It’s just text and it’s encrypted but it has enough information in it so that they can generate a public key that pairs with the private key. You get the CSR from the host typically – so from us (Webstix).
Submit that and then they will generate the public key.. Sometimes you get the CA certificate as well. It’s usually all in one zip file, so just send that to us. If you have a choice of which version of certificates to get, then please choose “Apache” as the certificate type. That is what we need. Also, we’ll need one that 2048 bit but that’s actually the minimum you can get now, so this isn’t a factor.
You can also send us the website SSL seal, which is an image stating the brand of certificate you’re using. Your website visitors will like seeing extra banners/badges like this that state your website is protected.
You can safely send that zip file around – so you can do it via email or other ways.
Getting an SSL certificate sounds a little tricky and quite honestly, it can get a little hairy. If you choose an SSL certificate that’s at a higher level, then you’ll have to jump through more hoops and send them more information about your company proving who you are and so forth. If you run an e-commerce website doing a lot of transactions or a higher dollar amount per transaction, then you may want to consider getting a higher level of SSL certificate to better prove to your customers that you are who you say you are and to provide more confidence.
If you get stuck along the way and you’re a client of ours, then please contact us for help. Talk to your Support Representative on our Support Team.