Jump to: navigation, search

How to Setup HTTPS/SSL Certificates

Please see this page for help with Purchasing an SSL Certificate. Of course, we do include support for you to add your SSL Certificates to your account and set them up with your FTP hosted domains/sites. If you don't already have one, you can get a free compatible certificate from StartSSL: http://www.startssl.com/?app=1

Site builder SSL Issue

If you have purchased an SSL certificate for your domain that is attached to a Site Builder website. Please contact support for assistance in installing the certificate for your domain as it must be installed manually by Bravenet technician.


Certificate Requirements

For SSL Certificates to be compatible with a Bravenet-hosted website, they must be x509 certificates, in the .pem format.

You will need to ensure that you have the domain registered (either with us, or as an external domain) before you can load the certificate. You will also want your certificates to cover both www.yourdomain.com and yourdomain.com (most SSL providers will include yourdomain.com if you certify www.yourdomain.com). You will also need a Bravenet Pro account to utilize SSL Certificates.

Server and User Considerations

On the server-side, Bravenet HTTPS protocols are facilitated/provided through a reverse proxy powered by Nginx.

End-user browsers must support SNI (Server Name Indication) to be compatible with SSL Certificates. By default, most browsers provide SNI support, but some do not.

Intermediate Certificates

SSL Certificates purchased through Bravenet include an appropriate intermediate certificate included in the SSL Certificate itself.

The implementation of intermediate certificates will vary between every certificate provider, and so it is difficult if not impossible to provide instructions that will work for configuring the intermediate certificate in every other circumstance. An intermediate certificate is only necessary for some end-users, yet the SSL Certificate itself can work fine without the intermediate component in many environments/browsers/configurations.

Of course, to ensure your site is as fully compatible with HTTPS protocol and possible end-user/browser configurations as possible, you should include the intermediate certificate if it is provided/encouraged by the certificate provider.

The intermediate certificate is appended to the SSL certificate itself, so that when end-users connect to the site they download both the certificate and the provider's intermediate certificate. The intermediate ticket is essentially a packet of additional certificate authentication that can be (optionally) included with the SSL certificate.

Setup the SSL Certificate

  1. Log in to your Bravenet user account.
  2. Click to the Web Hosting tab from the top of the page.
  3. Click on the SSL Certificates button.
  4. If you were provided the certificate as separate files, click the Upload Files radio button.
    1. Click Choose File by Certificate, and navigate to the certificate file (extension .pem or .crt usually).
    2. Click Choose File by Private Key, and navigate to the key file (extension .key usually).
  5. If instead you have the cert as plaintext, select the Paste Text radio button.
    1. Click into the Certificate text field, and paste the certificate code, including and starting at the line -----BEGIN CERTIFICATE----- and ending with and including -----END CERTIFICATE-----
      1. If have an intermediate certificate, you insert it here:
      2. With the certificate code inside the text field, click to the end of the pasted certificate code.
      3. Copy your intermediate certificate code, including and starting at the BEGIN and END certificate lines.
      4. Paste this intermediate certificate code immediately beneath the (primary) certificate code, within the same text field. So that the next line immediately after the first END CERTIFICATE line, is the second BEGIN CERTIFICATE line.
    2. Click into the Private Key text field, and paste the key code, including and starting at the line -----BEGIN RSA PRIVATE KEY----- and ending with and including -----END RSA PRIVATE KEY-----
  6. Enter the certificates password if there is one. If not, leave the field empty.
  7. Click on Add Certificate to finalize the certificate.