Installation

The reissue of an SSL certificate means its replacement with a new SSL. The reissued SSL certificate will only be valid until the expiration of the original certificate.

You will need to request the reissue of your SSL certificate in any one of the following situations:

  • You have lost the private key for the certificate;
  • You have changed your web server/hosting provider;
  • You have changed your contact information and you need to update it on your certificate;
  • You feel that your private key is compromised.

The reissue of your SSL certificate is free of charge.

Two great tools to check how well your SSL Certificate is installed are:
1) SSL Server Test
2) Why No Padlock?

You only have to paste your https URL to get a free report and an A++ to F grade on your SSL Certificate installation. These tools will tell you what are the vulnerabilities of your SSL Certificate installation, and will offer you detailed information on how to fix them.

We also recommend you to read our article called: How to move your website from HTTP to HTTPS easily and with no pain.

There are dozens of different ways to install an SSL Certificate, and they all depend on what SSL Certificate brand you have, the type of web server that you have, the operating system on your server, or the web hosting administration panel that you have installed on your server.

Here are links to documentation on how to install your SSL Certificate on your server, based on the SSL Certificate brand that you have:
Comodo
Thawte
GeoTrust
RapidSSL
Symantec

We always recommend you to get specialized help with you SSL Certificate installation. If you have a web developer, or a system engineer, then they would be the right people to help you with your SSL Certificate installation.

If you want us to do the SSL Certificate installation for you, then we can definitely do that. We offer SSL Certificate installation services to our customers for a flat rate of $49.99 per domain per server.

You can get the SSL Certificate from your SSL Dragon account by following the next steps:
1) Log into your SSL Dragon account;
2) Go to Services;
3) Then go to My Services;
4) You will see the list of products which you bought from us. Click on the SSL Certificate which you bought;
5) When you are on the SSL Certificate page, scroll down, and you will see the codes that the SSL Certificate is made of.

The 3 large pieces of codes that you will see are:
1) The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate. If you need this code as a file, you can copy and paste this code in Notepad, and then save it as a .csr format file.
2) The CRT code which is your actual SSL Certificate code. Save this one as a .crt format file.
3) The CA Bundle code has the root and intermediate certificates in it. Save this one as a .ca-bundle format file.

You won’t be able to find your Private Key inside your SSL Dragon account, because we don’t have it, and we don’t store it. Private Keys are private, and it is only you who should have it. If you cannot find your Private Key, we recommend reading this article so as it may help you to find it, or generate a new one.

One of the most common reasons why a website which has an SSL Certificate installed continues to show as insecure, is that your website continues to pull content, images or videos from unsecured HTTP links. You need to change all the links that you are pulling content from to HTTPS links, and your website will start showing as secure immediately.

The second most common reason why a website may show as insecure though you installed an SSL Certificate on it, is that you and other visitors continue to enter your website on an unsecured HTTP link. You should put a redirect in the server configuration file or in the site’s htaccess file, so that whoever enters your website by typing “www.mywebiste.com” should be automatically redirected to https://www.mywebsite.com. With other words, you should put a redirect that sends all users to your secured site. Here are some articles on how to do this.

We recommend you to read our article called: How to move your website from HTTP to HTTPS easily and with no pain. The article goes even further and comes with many more recommendations on what to check and do to have your website open from an HTTPS link correctly.

Another problem might be the incorrect SSL installation. You can check how well was your SSL installed using these tools: SSL Server Test and Why No Padlock? They will offer you a free report on your SSL Certificate installation and detailed information on how to fix any vulnerabilities.

 

 

You can find detailed documentation about the SSL Certificates’ best installation practices at SSL Labs.

There is no place in your SSL Dragon account where you can download the SSL Certificate from. We provide you the SSL Certificate in the exact same form in which we get it from the Certificate Authority.

Anyway, if you need your SSL Certificate as actual files, then you can use any text editing tool such as Notepad and create the actual files that you need.

If you go to your SSL Dragon account, then to your SSL Certificate details page, you will find the 3 large pieces of codes that your SSL Certificate is made of:
1) The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate. If you need this code as a file, you can copy and paste this code in Notepad, and then save it as a .csr format file.
2) The CRT code which is your actual SSL Certificate code. Save this one as a .crt format file.
3) The CA Bundle code has the root and intermediate certificates in it. Save this one as a .ca-bundle format file.

You won’t be able to find your Private Key inside your SSL Dragon account, because we don’t have it, and we don’t store it. Private Keys are private, and it is only you who should have it. If you cannot find your Private Key, we recommend reading this article so as it may help you to find it, or generate a new one.

Some servers and hosting companies may require you to submit your SSL Certificate in a different format than the original format in which your SSL Certificate was provided to you. Here are some links with instructions on how to convert an SSL Certificate to different file formats:

PFX – PVK / SPC file converter

1. Click here to download the converter

CRT to PFX format conversion

1. Get PFX from CRT and txt containing private key for Azure
2. Bind an existing custom SSL certificate to Azure Web Apps
3. Exporting the SSL Certificate as a PFX file from IIS server
4. Convert your certificate to PFX

Convert .CRT to.CER file

It is easy to switch form .CRT format to .CER format. They are basically interchangeable. You can change the SSL Certificate extension / format by going with the steps written below:

  1. Copy and paste the CRT code which you got from your SSL Certificate’s details page in your SSL Dragon account and use Notepad to create a mywebsite.crt file from it;
  2. Double click on the mywebsite.crt file to open it and see the certificate being displayed;
  3. Click on the “Details” button, and then click on the button that says “Copy to File”;
  4. When you are on the Certificate Wizard, click “Next”;
  5. Then select Base-64 encoded X.509 (.CER), then click “Next” again;
  6. Click on “Browse” to choose the location where you want to save the converted file, and enter the desired name for your file (e.g.: mywebsite.cer);
  7. Finally, click “Save”, and you will have the .CRT to .CER conversion complete;
  8. You can get the mywebsite.cer file from the folder where you selected to save it to.

If you go to your SSL Dragon account, then to your SSL Certificate details page, you will find the 3 large pieces of codes that your SSL Certificate is made of:

1) The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate.
2) The CRT code which is your actual SSL Certificate code.
3) The CA Bundle code contains the root and intermediate certificates in it. 

Also, if you need more root and intermediate certificates for Comodo, you can find them all at this link.

After installing an SSL Certificate on your website, you can also let your visitors and customers know that your website is secure by adding a site seal somewhere on a prominent place on your website. You can choose to place the site seal in the footer of your website, or on the checkout page where customers have to enter their credit card information, or in both these places.

Site seals are of two types: static and dynamic. All Domain Validation SSL Certificates come with a static site seal, which is basically an image. All Business Validation and Extended Validation SSL Certificates come with a dynamic site seal which can be hovered or clicked on, and they will show the name of your company, will confirm that your website was issued a legitimate SSL Certificate, and will prove that your website belongs to your company.


Site Seals for RapidSSL SSL Certificates 

If you purchased an SSL issued by RapidSSL, you can get your site seal at the following link:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO14424


Site Seals for GeoTrust SSL Certificates 

If you purchased an SSL issued by GeoTrust, you can get your site seal at the following link:
https://www.geotrust.com/support/seal/agreement/installation-instructions/


Site Seals for Thawte SSL Certificates 

If you purchased an SSL issued by Thawte, you can get your site seal at the following link:
https://www.thawte.com/ssl/secured-seal/installation-agreement/


Site Seals for Symantec SSL Certificates 

If you purchased an SSL issued by Symantec, you can get your site seal at the following link:
https://www.symantec.com/ssl/seal-agreement/install.jsp


Comodo Dynamic Site Seals for Business Validation and Extended Validation SSL Certificates

If you purchased a Comodo SSL with Business or Extended Validation you can download the dynamic site seal at the following link: https://trustlogo.com/trustlogo_choice.html


Comodo Static Site Seals for Domain Validation SSL Certificates 

If you bought a Domain Validation SSL Certificate from Comodo, it comes with a static site seal. You can see 7 examples of Comodo static site seals which you can use at the following link: https://www.ssldragon.com/site-seals/

If you need the site seals as HTML codes, then here are the codes that you can put on your website:

Comodo Secure – green static seal:

Comodo PositiveSSL – orange static seal:

Comodo PositiveSSL – green static seal:

Comodo Secure – red static seal:

Comodo Secure – red static seal with text:

Comodo Secure – red, large static seal:

Comodo Secure – square static seal:

Sometimes, the SSL Certificate which was issued to you does not match the Private Key which you are trying to use when installing that SSL Certificate on your server. That is a common user generated error.

If the system says there is a mismatch, then you need to double check the CSR and Private Key which you generated, and which came together. You need to make sure that you used that specific CSR when you configured your SSL Certificate. When the SSL Certificate is issued, you need to use the Private Key that pairs with that specific CSR.

We see customers making the mistake where they generate one CSR and Private Key, then configure the SSL Certificate with a different CSR that is server generated. In that case the server generated CSR pairs with its own Private Key which you most probably don’t have.

The Private Key which you have works only with the CSR that it came with. Also, the Private Key which you have works only with the SSL Certificate that was configured using the CSR that pairs with that Private Key.

Solution

To solve this, you need to re-configure (re-issue) your SSL Certificate using a CSR code for which you have the Private Key that it pairs with. You may want to use a CSR code that your server provides, or generate a new CSR and Private Key.