Purchasing an SSL Certificate


What is it?

A SSL Certificate tells customers your website really is who it claims to be and makes your website have HTTPS in the URL which ensures communication to/from your site is more secure. Whether your site accepts credit card payments or just collects customer data via email forms, taking steps to show your customers that your site is legitimate and safe is vital to the success of your business. Purchasing an SSL Certificate is a great step towards that.

Pricing

SSL Certificates are $49.00 for 1 year. For a Domain and all it's sub-domains, the cost is $239.00 for 1 year. All prices are in USD.

What to expect

Purchasing a SSL Certificate involves a number of different steps that the purchasee must carry out, fortunately it is a very straightforward process and the number of steps are only due to the layers of security and verification involved in a Secure Socket Layer Certificate. Prior to purchasing the certificate, you will have to submit accurate and real contact information for the domain name to be secured (even if the domain name has public WhoIS Privacy Protection). After purchasing the certificate, you will be sent a verification email (if you chose that option or the Auto DNS Verification option wasn't available), through which you must directly approve the creation of the SSL Certificate.

After you have approved the certificate's creation, there will be up to 72 hour delay while the certificate authority generates the SSL Certificate at all appropriate databases and services. After this delay the certificate's status will change from "pending" to "complete" on the SSL tab of your Bravenet user account, indicating that the certificate has been fully generated and may be installed on your web server. If you used Auto DNS Verification, it will get verified and install automatically within 72 hours. SSL Certificates using Auto DNS Verification will also automatically renew unless recurring billing gets cancelled.

Instructions

1) SSL Tab

Login to your Bravenet user account, and click to the SSL tab at the top of your account. This page lists the SSL Certificates that you have purchased through Bravenet; it is not the list of installed SSL Certificates.

Any purchased SSL Certificates which you have yet to be verified (see following steps), or which are still in the process of being generated by the certificated authority (1 to 72 hour delay), will be listed as "pending".

Click on Purchase an SSL Certificate to proceed.

2) Purchase SSL Certificate

Domain Name is the top-level domain name you wish to have secured; if you wish to secure an explicit subdomain, a la "example.domain.com", instead of the default "www.domain.com", then you should type here the subdomain name.

Wildcard specifies whether you want to secure only one subdomain (such as "www"), or all possible subdomains, along with the top-level domain name itself.

Term is the length of time you are purchasing the SSL Certificate for. It is always 1 year.

Password is used to encrypt the private key component of the certificate.

IMPORTANT: We do not store your password and can not reset it if you lose it. Your password will be required to install your SSL certificate on to a web server. Please write down your password and store it in a safe place.

Email Address is the address that the SSL Certificate itself will be emailed to, at final approval and generation of the certificate; so be sure to specify an address that can receive the email safely at that time. The SSL Certificate is sent out to this address at Step #7 below.

3) Confirm contact details

As part of the Manual Email Verification process, please make sure the domain contact information shown here accurately matches the contacts of your domain. If your domain name has any privacy protection, you should submit accurate and real contact information here; do not copy the Privacy Protection Contacts from your domains public WhoIS. Failure to provide real contact information may slow down or prevent your SSL certificate generation.

Phone number uses the format +CCC.NNNNNNNNNNxEEE, where + and . are required characters, CCC represents up-to a 3 digit country code, and NNNNNNNNNN the area phone number. You can optionally append xEEE, for up to a 3-digit extension code if applicable.

4) Specify the Manual verification email address

Specify the email that should be used to verify approval of the certificate's generation (if you are not using Auto DNS verification). This email must exist at the time of the SSL Certificate's purchase. You must create an email address at the domain name itself to receive the contact at, if one does not exist to match the presented options.

Note: This is not the email address that will be sent the SSL Certificate, although you may use the same address for both. Please see Step #2 above for the email address that will be sent the SSL Certificate, after verification is completed.

5) Proceed with payment/order submission

After the payment step, you will be sent a verification email with link to begin the validation process (if you chose Manual Email Verification, otherwise you can skip steps 6 and 7).

6) Verification link by email

You have been sent an email with a link to begin the validation process, at the email address specified in Step #4. Click the link. You will be taken to the certificate authority's website, where you must approve the creation of the SSL certificate directly. If you do not see a verification email within 1 hour after payment, please check your junk mail folder or contact support for more information.

7) Approve the certificate's creation

Click I Approve on the certificate authority's verification webpage, so that the certificate generation may proceed. You will then be sent a final email from the certificate authority, to the email address specified in Step #2 above, with the SSL Certificate contained within the email. Generation will still take anywhere from 1 to 24 additional hours to complete.

8) Completed SSL Certificate generation

After approving the creation of the SSL Certificate it will take up to 72 hours for the certificate's generation to be completed and for it to become usable. During this time, the certificates status on the "SSL" tab of your Bravenet user account will list as pending. When the certificate's generation has completed, however, the status will list as complete and you will be able to install the SSL Certificate on a webserver and begin using it.

9) Install the SSL Certificate

The final step is to install the SSL Certificate on the webserver. The "SSL" tab of your Bravenet user account has an "install" button (for Bravehost sites) which will auto-fill most of the information for you, requiring only that you type the certificate's password to complete installation. If you're trying to install on to a Site Builder site, you would have to use the "Add SSL" option under the "Site Builder" tab beside the website in question. If you used Auto DNS Verification the SSL Certificate will be installed automatically.

The certificate is now installed and ready to go. For it to do its work, your visitors first need to be visiting your site using https://. Your site can redirect all visitors to https. This is done automatically for Site Builder sites. However, for Bravehost FTP based sites an additional step is required.

To do this, please create a text file named ".htaccess" in your website's folder. If one is already there, you can just add to it. Please insert the following:

# Redirects http:// traffic to https://
# Bravenet uses a reverse proxy, hence X-Forwarded-Proto
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

Once done, run your webpage through https://whynopadlock.com/ and see if any "mixed content" errors show up: these can be fixed by opening your webpage and replacing every "http://" you see in the code with "https://".

This should be all you need to get things going.

You can find more information on how to setup/install an SSL Certificate on your webserver here