Contact us at |support@ssldragon.com

Installation

The reissue of an SSL certificate means its replacement with a new SSL. The reissued SSL certificate will only be valid until the expiration of the original certificate.

You will need to request the reissue of your SSL certificate in any one of the following situations:

  • You have lost the private key for the certificate;
  • You have changed your web server/hosting provider;
  • You have changed your contact information and you need to update it on your certificate;
  • You feel that your private key is compromised.

The reissue of your SSL certificate is free of charge.

Two great tools to check how well your SSL Certificate is installed are:
1) SSL Server Test
2) Why No Padlock?

You only have to paste your https URL to get a free report and an A++ to F grade on your SSL Certificate installation. These tools will tell you what are the vulnerabilities of your SSL Certificate installation, and will offer you detailed information on how to fix them.

We also recommend you to read our article called: How to move your website from HTTP to HTTPS easily and with no pain.

There are many different ways to install an SSL Certificate, and they all depend on your SSL Certificate brand, the webserver type, the operating system on your server, and the web hosting panel that you have on your server.

These being said, please check our Installation Articles to get detailed instructions on how to install your SSL Certificate on about 44 different server types, hosting panels, and operating systems.

Also, here are links to documentation on how to install your SSL Certificate on your server, based on the SSL Certificate brand that you have:
Sectigo
Thawte/RapidSSL/GeoTrust/DigiCert
GoGetSSL

We always recommend you get specialized help with your SSL Certificate installation. If you have a web developer or a system engineer, then they would be the right people to help you with your SSL Certificate installation.

You can get the SSL Certificate from your SSL Dragon account by following the next steps:
1) Log into your SSL Dragon account;
2) Go to Services;
3) Then go to My Services;
4) You will see the list of products which you bought from us. Click on the SSL Certificate which you bought;
5) When you are on the SSL Certificate page, scroll down, and you will see the codes that the SSL Certificate is made of.

The 3 large pieces of codes that you will see are:
1) The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate. If you need this code as a file, you can copy and paste this code in Notepad, and then save it as a .csr format file.
2) The CRT code which is your actual SSL Certificate code. Save this one as a .crt format file.
3) The CA Bundle code has the root and intermediate certificates in it. Save this one as a .ca-bundle format file.

You won’t be able to find your Private Key inside your SSL Dragon account, because we don’t have it, and we don’t store it. Private Keys are private, and it is only you who should have it. If you cannot find your Private Key, we recommend reading this article so as it may help you to find it, or generate a new one.

  1. One of the most common reasons why a website which has an SSL Certificate installed continues to show as insecure, is that your website continues to pull content, images or videos from unsecured HTTP links. You need to change all the links that you are pulling content from to HTTPS links, and your website will start showing as secure immediately.
  2. The second most common reason why a website may show insecure although you installed an SSL Certificate on it is that your server is outdated and/or doesn’t support the latest TLS settings requirements.
  3. The third most common reason why a website may show as insecure although you installed an SSL Certificate on it, is that you and other visitors continue to open your website through an unsecured HTTP link. You should put a redirect in the server configuration file or in the site’s htaccess file, so that whoever enters your website by typing “www.mywebiste.com” should be automatically redirected to https://www.mywebsite.com. With other words, you should put a redirect that sends all users to your secured site. Here are some articles on how to do this.
  4. You also might be missing the CA-bundle/Intermediate/Root SSL Certificates.
  5. Another problem might be the incorrect SSL installation

All 5 reasons and any other can be revealed by checking how well was your SSL installed using these tools: SSL Server Test and Why No Padlock? 

They will offer you a free report on your SSL Certificate installation along with detailed information on how to fix any vulnerabilities.

Also, we recommend you to read our article called: How to move your website from HTTP to HTTPS easily and with no pain. The article goes even further and comes with many more recommendations on what to check and do to have your website open from an HTTPS link correctly.

You can find detailed documentation about the SSL Certificates’ best installation practices at SSL Labs.

You can download the SSL Certificate directly from the SSL Certificate page within your SSL Dragon account.

Simply use the Download Intermediate/Chain and Download Certificate buttons.

Or you can use the Send Certificate button, too.

We provide you the SSL Certificate in the exact same format in which we get it from the Certificate Authority.

Also, you can use any text editing tool such as Notepad and create the actual files that you need:

Go to your SSL Dragon account, then to your SSL Certificate details page, you will find the 3 large pieces of codes that your SSL Certificate is made of:

  1. The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate. If you need this code as a file, you can copy and paste this code in Notepad, and then save it as a .csr format file.
  2. The CRT code which is your actual SSL Certificate code. Save this one as a .crt format file.
  3. The CA Bundle code has the root and intermediate certificates in it. Save this one as a .ca-bundle format file.

You won’t be able to find your Private Key inside your SSL Dragon account, because we don’t have it, and we don’t store it. Private Keys are private, and it is only you who should have it. If you cannot find your Private Key, we recommend reading this article so as it may help you to find it, or generate a new one.

Some servers and hosting companies may require you to submit your SSL Certificate in a different format than the original format in which your SSL Certificate was provided to you. Here are some links with instructions on how to convert an SSL Certificate to different file formats:

SSL convertor – various formats
Guide to convert SSL into various formats
CRT to PFX format conversion

1. Get PFX from CRT and txt containing private key for Azure
2. Bind an existing custom SSL certificate to Azure Web Apps
3. Exporting the SSL Certificate as a PFX file from IIS server
4. Convert your certificate to PFX

Convert .CRT to.CER file

It is easy to switch from .CRT format to .CER format. They are basically interchangeable. You can change the SSL Certificate extension/format by going with the steps written below:

  1. Copy and paste the CRT code which you got from your SSL Certificate’s details page in your SSL Dragon account and use Notepad to create a mywebsite.crt file from it;
  2. Double click on the mywebsite.crt file to open it and see the certificate being displayed;
  3. Click on the “Details” button, and then click on the button that says “Copy to File”;
  4. When you are on the Certificate Wizard, click “Next”;
  5. Then select Base-64 encoded X.509 (.CER), then click “Next” again;
  6. Click on “Browse” to choose the location where you want to save the converted file, and enter the desired name for your file (e.g.: mywebsite.cer);
  7. Finally, click “Save”, and you will have the .CRT to .CER conversion complete;
  8. You can get the mywebsite.cer file from the folder where you selected to save it to.

If you go to your SSL Dragon account, then to your SSL Certificate details page, you will find the 3 large pieces of codes that your SSL Certificate is made of:

1) The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate.
2) The CRT code which is your actual SSL Certificate code.
3) The CA Bundle code contains the root and intermediate certificates in it. 

Also, if you need more root and intermediate certificates for Sectigo, you can find them all at this link.

After installing an SSL Certificate on your website, you can also let your visitors and customers know that your website is secure by adding a site seal somewhere on a prominent place on your website. You can choose to place the site seal in the footer of your website, or on the checkout page where customers have to enter their credit card information, or in both these places.

Site seals are of two types: static and dynamic. All Domain Validation SSL Certificates come with a static site seal, which is basically an image. All Business Validation and Extended Validation SSL Certificates come with a dynamic site seal that can be hovered or clicked on, and they will show the name of your company, will confirm that your website was issued a legitimate SSL Certificate, and will prove that your website belongs to your company.


Site Seals for RapidSSL SSL Certificates 

If you purchased an SSL issued by RapidSSL, you can get your site seal at the following link:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO14424


Site Seals for GeoTrust SSL Certificates 

If you purchased an SSL issued by GeoTrust, you can get your site seal at the following link:
https://www.geotrust.com/support/seal/agreement/installation-instructions/


Site Seals for Thawte SSL Certificates 

If you purchased an SSL issued by Thawte, you can get your site seal at the following link:
https://www.thawte.com/ssl/secured-seal/installation-agreement/


Site Seals for DigiCert SSL Certificates 

If you purchased an SSL issued by DigiCert, you can get your site seal at the following link:
https://www.digicert.com/site-seal-conversion-rate-benefits.htm


Sectigo Site Seals 

If you purchased a Sectigo SSL  you can download the dynamic site seal at the following link:  https://sectigo.com/trust-seal


GoGetSSL Site Seals 

If you purchased a GoGetSSL SSL  you can download the dynamic site seal at the following link https://www.gogetssl.com/wiki/installation/gogetssl-site-seal-installation/

Sometimes, the SSL Certificate which was issued to you does not match the Private Key which you are trying to use when installing that SSL Certificate on your server. That is a common user generated error.

If the system says there is a mismatch, then you need to double check the CSR and Private Key which you generated, and which came together. You need to make sure that you used that specific CSR when you configured your SSL Certificate. When the SSL Certificate is issued, you need to use the Private Key that pairs with that specific CSR.

We see customers making the mistake where they generate one CSR and Private Key, then configure the SSL Certificate with a different CSR that is server generated. In that case the server generated CSR pairs with its own Private Key which you most probably don’t have.

The Private Key which you have works only with the CSR that it came with. Also, the Private Key which you have works only with the SSL Certificate that was configured using the CSR that pairs with that Private Key.

Solution

To solve this, you need to re-configure (re-issue) your SSL Certificate using a CSR code for which you have the Private Key that it pairs with. You may want to use a CSR code that your server provides, or generate a new CSR and Private Key.

You can install your Sectigo CPAC Certificate as soon as it has been issued to you.

Here are installation instructions for different browsers, email clients, and mobile devices provided by Sectigo:

We provide little to no support on how to install an SSL Certificate. There are countless combinations of “hosting providers X hosting panels X operating systems X web servers types  X technologies X release versions” for us to be able to provide support for all of them.

Also, there are too many factors to take into consideration when installing an SSL Certificate for the setup to be correct and secure. These being said, we politely prefer to decline to offer any SSL installation instructions over the phone, email or ticketing system.

Here are two links where you can start the research on how to use your SSL Certificate with Outlook / Office 365:
https://www.ssldragon.com/contacts/faq/#collapse-11423
https://www.ssldragon.com/contacts/faq/#collapse-15534
– https://www.ssldragon.com/blog/category/installation/

There is a lot of information online on your particular server setup, so you may want to look into that as well. Alternatively, we recommend hiring a web developer or a system engineer who has installed SSL Certificates many times before.