Purchasing an SSL Certificate: Difference between revisions


mNo edit summary
 
(18 intermediate revisions by the same user not shown)
Line 5: Line 5:
== Pricing ==
== Pricing ==


SSL Certificates are $49.00 for 1 year, $93.00 for 2 years for a Single Domain (save $5.00). For a Domain and all it's sub-domains, the cost is $239.00 for 1 year, and $453.00 for 2 years (save $25.00). All prices are in USD.
SSL Certificates are $49.00 for 1 year. For a Domain and all it's sub-domains, the cost is $239.00 for 1 year. All prices are in USD.


== What to expect ==
== What to expect ==


Purchasing an SSL Certificate involves a number of different steps that the purchasee must carry out, fortunately it is a very straightforward process and the number of steps are only due to the layers of security and verification involved in a Secure Socket Layer Certificate. Prior to purchasing the certificate, you will have to submit accurate and real contact information for the domain name to be secured (even if the domain name has public WhoIS Privacy Protection). After purchasing the certificate, you will be sent a verification email, through which you must directly approve the creation of the SSL Certificate.  
Purchasing a SSL Certificate involves a number of different steps that the purchasee must carry out, fortunately it is a very straightforward process and the number of steps are only due to the layers of security and verification involved in a Secure Socket Layer Certificate. Prior to purchasing the certificate, you will have to submit accurate and real contact information for the domain name to be secured (even if the domain name has public WhoIS Privacy Protection). After purchasing the certificate, you may be sent a verification email (if you chose that option or the Auto DNS Verification option wasn't available), through which you must directly approve the creation of the SSL Certificate.  


After you have approved the certificate's creation, there will be up to a '''7 day delay''' while the certificate authority generates the SSL Certificate at all appropriate databases and services. After this delay the certificate's status will change from "pending" to "complete" on the SSL tab of your Bravenet user account, indicating that the certificate has been fully generated and may be installed on your web server.
After certificate's creation has been approved, there will be up to a 72 hour delay while the certificate authority generates the SSL Certificate at all appropriate databases and services. After this delay the certificate's status will change from "pending" to "complete" on the SSL tab of your Bravenet user account, indicating that the certificate has been fully generated and may be installed on your web server. If you used Auto DNS Verification, it will get verified and install automatically within 72 hours. SSL Certificates using Auto DNS Verification will also automatically renew unless recurring billing gets cancelled.


== Instructions ==
== Instructions ==
Line 19: Line 19:
Login to your Bravenet user account, and click to the '''SSL''' tab at the top of your account. This page lists the SSL Certificates that you have purchased through Bravenet; it is not the list of [[How to Setup HTTPS/SSL Certificates|installed SSL Certificates]].
Login to your Bravenet user account, and click to the '''SSL''' tab at the top of your account. This page lists the SSL Certificates that you have purchased through Bravenet; it is not the list of [[How to Setup HTTPS/SSL Certificates|installed SSL Certificates]].


Any purchased SSL Certificates which you have yet to be verified (see following steps), or which are still in the process of being generated by the certificated authority (1 to 24 hour delay), will be listed as ''"pending"''.
Any purchased SSL Certificates which you have yet to be verified (see following steps), or which are still in the process of being generated by the certificated authority (1 to 72 hour delay), will be listed as ''"pending"''.


Click on '''Purchase an SSL Certificate''' to proceed.
Click on '''Purchase an SSL Certificate''' to proceed.
Line 29: Line 29:
''Wildcard'' specifies whether you want to secure only one subdomain (such as "www"), or all possible subdomains, along with the top-level domain name itself.  
''Wildcard'' specifies whether you want to secure only one subdomain (such as "www"), or all possible subdomains, along with the top-level domain name itself.  


''Term'' is the number of years you want to purchase the SSL Certificate for, this dropdown includes proper pricing.
''Term'' is the length of time you are purchasing the SSL Certificate for. It is always 1 year.
 
''Password'' is used to encrypt the private key component of the certificate.
 
'''IMPORTANT:''' We do not store your password and can not reset it if you lose it. Your password will be required to install your SSL certificate on to a web server. Please write down your password and store it in a safe place.


''Email Address'' is the address that the SSL Certificate itself will be emailed to, at final approval and generation of the certificate; so be sure to specify an address that can receive the email safely at that time. The SSL Certificate is sent out to this address at Step #7 below.
''Email Address'' is the address that the SSL Certificate itself will be emailed to, at final approval and generation of the certificate; so be sure to specify an address that can receive the email safely at that time. The SSL Certificate is sent out to this address at Step #7 below.
Line 39: Line 35:
==== 3) Confirm contact details ====
==== 3) Confirm contact details ====


As part of the verification process, please make sure the domain contact information shown here accurately matches the contacts of your domain. If your domain name has any privacy protection, you should submit accurate and real contact information here; do not copy the Privacy Protection Contacts from your domains public WhoIS. Failure to provide real contact information may slow down or prevent your SSL certificate generation.
As part of the Manual Email Verification process, please make sure the domain contact information shown here accurately matches the contacts of your domain. If your domain name has any privacy protection, you should submit accurate and real contact information here; do not copy the Privacy Protection Contacts from your domains public WhoIS. Failure to provide real contact information may slow down or prevent your SSL certificate generation.


''Phone number'' uses the format '''+CCC.NNNNNNNNNNxEEE''', where '''+''' and '''.''' are required characters, ''CC''C represents up-to a 3 digit country code, and ''NNNNNNNNNN'' the area phone number. You can optionally append '''x'''''EEE'', for up to a 3-digit extension code if applicable.
''Phone number'' uses the format '''+CCC.NNNNNNNNNNxEEE''', where '''+''' and '''.''' are required characters, ''CC''C represents up-to a 3 digit country code, and ''NNNNNNNNNN'' the area phone number. You can optionally append '''x'''''EEE'', for up to a 3-digit extension code if applicable.


==== 4) Specify the verification email address ====
==== 4) Specify the Manual verification email address ====


Specify the email that should be used to verify approval of the certificate's generation. This email must exist at the time of the SSL Certificate's purchase. You must create an email address at the domain name itself to receive the contact at, if one does not exist to match the presented options.
Specify the email that should be used to verify approval of the certificate's generation (if you are not using Auto DNS verification). This email must exist at the time of the SSL Certificate's purchase. You must create an email address at the domain name itself to receive the contact at, if one does not exist to match the presented options.


'''''Note:''''' This is not the email address that will be sent the SSL Certificate, although you may use the same address for both. Please see Step #2 above for the email address that will be sent the SSL Certificate, after verification is completed.
'''''Note:''''' This is not the email address that will be sent the SSL Certificate, although you may use the same address for both. Please see Step #2 above for the email address that will be sent the SSL Certificate, after verification is completed.
Line 51: Line 47:
==== 5) Proceed with payment/order submission ====
==== 5) Proceed with payment/order submission ====


After the payment step, you will be sent a verification email with link to begin the validation process.  
After the payment step, you will be sent a verification email with link to begin the validation process (if you used Manual Email Verification, otherwise you can skip steps 6 and 7).


==== 6) Verification link by email ====
==== 6) Verification link by email ====
Line 63: Line 59:
==== 8) Completed SSL Certificate generation ====
==== 8) Completed SSL Certificate generation ====


After approving the creation of the SSL Certificate it will still take 1 to 24 hours for the certificate's generation to be completed and for it to become usable. During this time, the certificates status on the "''SSL"'' tab of your Bravenet user account will list as ''pending''. When the certificate's generation has completed, however, the status will list as ''complete'' and you will be able to install the SSL Certificate on a webserver and begin using it.
After approving the creation of the SSL Certificate it will take up to 72 hours for the certificate's generation to be completed and for it to become usable. During this time, the certificates status on the "''SSL"'' tab of your Bravenet user account will list as ''pending''. When the certificate's generation has completed, however, the status will list as ''complete'' and you will be able to install the SSL Certificate on a webserver and begin using it.


==== 9) Install the SSL Certificate ====
==== 9) Install the SSL Certificate ====


The final step is to install the SSL Certificate on the webserver. The "''SSL"'' tab of your Bravenet user account has an ''"install"'' button (for Bravehost sites) which will auto-fill most of the information for you, requiring only that you type the certificate's password to complete installation. If your trying to install on to a Site Builder site, you would have to use the ''"Add SSL"'' option under the "''Site Builder"'' tab beside the website in question.
The final step is to install the SSL Certificate on the webserver. If you used Auto DNS Verification, the SSL Certificate will be installed automatically, otherwise the "''SSL"'' tab of your Bravenet user account has an ''"install"'' link (for Bravehost sites) which will install it for you. If you're trying to install on to a Site Builder site, you would have to use the ''"Add SSL"'' option under the "''Site Builder"'' tab beside the website in question.


The certificate is now installed and ready to go. For it to do its work, your visitors first need to be visiting your site using https://. Your site can redirect all visitors to https. This is done automatically for Site Builder sites. However, for Bravehost FTP based sites an additional step is required.
The certificate is now installed and ready to go. For it to do its work, your visitors first need to be visiting your site using https://. Your site can redirect all visitors to https. This is done automatically for Site Builder sites. However, for Bravehost FTP based sites an additional step is required.
Line 73: Line 69:
To do this, please create a text file named ".htaccess" in your website's folder. If one is already there, you can just add to it. Please insert the  
To do this, please create a text file named ".htaccess" in your website's folder. If one is already there, you can just add to it. Please insert the  
following:
following:
<pre style="word-break:break-word; white-space: pre-wrap;">
<pre style="word-break:break-word; white-space: pre-wrap;">
# Redirects http:// traffic to https://
# Redirects http:// traffic to https://
Line 80: Line 75:
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]  
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]  
</pre>
</pre>


Once done, run your webpage through https://whynopadlock.com/ and see if any "mixed content" errors show up: these can be fixed by opening your webpage and replacing every "http://" you see in the code with "https://".
Once done, run your webpage through https://whynopadlock.com/ and see if any "mixed content" errors show up: these can be fixed by opening your webpage and replacing every "http://" you see in the code with "https://".

Latest revision as of 16:09, 3 May 2021

What is it?

A SSL Certificate tells customers your website really is who it claims to be and makes your website have HTTPS in the URL which ensures communication to/from your site is more secure. Whether your site accepts credit card payments or just collects customer data via email forms, taking steps to show your customers that your site is legitimate and safe is vital to the success of your business. Purchasing an SSL Certificate is a great step towards that.

Pricing

SSL Certificates are $49.00 for 1 year. For a Domain and all it's sub-domains, the cost is $239.00 for 1 year. All prices are in USD.

What to expect

Purchasing a SSL Certificate involves a number of different steps that the purchasee must carry out, fortunately it is a very straightforward process and the number of steps are only due to the layers of security and verification involved in a Secure Socket Layer Certificate. Prior to purchasing the certificate, you will have to submit accurate and real contact information for the domain name to be secured (even if the domain name has public WhoIS Privacy Protection). After purchasing the certificate, you may be sent a verification email (if you chose that option or the Auto DNS Verification option wasn't available), through which you must directly approve the creation of the SSL Certificate.

After certificate's creation has been approved, there will be up to a 72 hour delay while the certificate authority generates the SSL Certificate at all appropriate databases and services. After this delay the certificate's status will change from "pending" to "complete" on the SSL tab of your Bravenet user account, indicating that the certificate has been fully generated and may be installed on your web server. If you used Auto DNS Verification, it will get verified and install automatically within 72 hours. SSL Certificates using Auto DNS Verification will also automatically renew unless recurring billing gets cancelled.

Instructions

1) SSL Tab

Login to your Bravenet user account, and click to the SSL tab at the top of your account. This page lists the SSL Certificates that you have purchased through Bravenet; it is not the list of installed SSL Certificates.

Any purchased SSL Certificates which you have yet to be verified (see following steps), or which are still in the process of being generated by the certificated authority (1 to 72 hour delay), will be listed as "pending".

Click on Purchase an SSL Certificate to proceed.

2) Purchase SSL Certificate

Domain Name is the top-level domain name you wish to have secured; if you wish to secure an explicit subdomain, a la "example.domain.com", instead of the default "www.domain.com", then you should type here the subdomain name.

Wildcard specifies whether you want to secure only one subdomain (such as "www"), or all possible subdomains, along with the top-level domain name itself.

Term is the length of time you are purchasing the SSL Certificate for. It is always 1 year.

Email Address is the address that the SSL Certificate itself will be emailed to, at final approval and generation of the certificate; so be sure to specify an address that can receive the email safely at that time. The SSL Certificate is sent out to this address at Step #7 below.

3) Confirm contact details

As part of the Manual Email Verification process, please make sure the domain contact information shown here accurately matches the contacts of your domain. If your domain name has any privacy protection, you should submit accurate and real contact information here; do not copy the Privacy Protection Contacts from your domains public WhoIS. Failure to provide real contact information may slow down or prevent your SSL certificate generation.

Phone number uses the format +CCC.NNNNNNNNNNxEEE, where + and . are required characters, CCC represents up-to a 3 digit country code, and NNNNNNNNNN the area phone number. You can optionally append xEEE, for up to a 3-digit extension code if applicable.

4) Specify the Manual verification email address

Specify the email that should be used to verify approval of the certificate's generation (if you are not using Auto DNS verification). This email must exist at the time of the SSL Certificate's purchase. You must create an email address at the domain name itself to receive the contact at, if one does not exist to match the presented options.

Note: This is not the email address that will be sent the SSL Certificate, although you may use the same address for both. Please see Step #2 above for the email address that will be sent the SSL Certificate, after verification is completed.

5) Proceed with payment/order submission

After the payment step, you will be sent a verification email with link to begin the validation process (if you used Manual Email Verification, otherwise you can skip steps 6 and 7).

6) Verification link by email

You have been sent an email with a link to begin the validation process, at the email address specified in Step #4. Click the link. You will be taken to the certificate authority's website, where you must approve the creation of the SSL certificate directly. If you do not see a verification email within 1 hour after payment, please check your junk mail folder or contact support for more information.

7) Approve the certificate's creation

Click I Approve on the certificate authority's verification webpage, so that the certificate generation may proceed. You will then be sent a final email from the certificate authority, to the email address specified in Step #2 above, with the SSL Certificate contained within the email. Generation will still take anywhere from 1 to 24 additional hours to complete.

8) Completed SSL Certificate generation

After approving the creation of the SSL Certificate it will take up to 72 hours for the certificate's generation to be completed and for it to become usable. During this time, the certificates status on the "SSL" tab of your Bravenet user account will list as pending. When the certificate's generation has completed, however, the status will list as complete and you will be able to install the SSL Certificate on a webserver and begin using it.

9) Install the SSL Certificate

The final step is to install the SSL Certificate on the webserver. If you used Auto DNS Verification, the SSL Certificate will be installed automatically, otherwise the "SSL" tab of your Bravenet user account has an "install" link (for Bravehost sites) which will install it for you. If you're trying to install on to a Site Builder site, you would have to use the "Add SSL" option under the "Site Builder" tab beside the website in question.

The certificate is now installed and ready to go. For it to do its work, your visitors first need to be visiting your site using https://. Your site can redirect all visitors to https. This is done automatically for Site Builder sites. However, for Bravehost FTP based sites an additional step is required.

To do this, please create a text file named ".htaccess" in your website's folder. If one is already there, you can just add to it. Please insert the following:

# Redirects http:// traffic to https://
# Bravenet uses a reverse proxy, hence X-Forwarded-Proto
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

Once done, run your webpage through https://whynopadlock.com/ and see if any "mixed content" errors show up: these can be fixed by opening your webpage and replacing every "http://" you see in the code with "https://".

This should be all you need to get things going.

You can find more information on how to setup/install an SSL Certificate on your webserver here