SSL Installation

The reissue of an SSL certificate means its replacement with a new SSL. The reissued SSL certificate will only be valid until the expiration of the original certificate.

You will need to request the reissue of your SSL certificate in any one of the following situations:

  • You have lost the private key for the certificate;
  • You have changed your web server/hosting provider;
  • You have changed your contact information and you need to update it on your certificate;
  • You feel that your private key is compromised.

The reissue of your SSL certificate is free of charge.

Two great tools to check how well your SSL Certificate is installed are:
1) SSL Server Test
2) Why No Padlock?

You only have to paste your https URL to get a free report and an A++ to F grade on your SSL Certificate installation. These tools will tell you what are the vulnerabilities of your SSL Certificate installation, and will offer you detailed information on how to fix them.

We also recommend you to read our article called: How to move your website from HTTP to HTTPS easily and with no pain.

There are dozens of different ways to install an SSL Certificate, and they all depend on what SSL Certificate brand you have, the type of web server that you have, the operating system on your server, or the web hosting administration panel that you have installed on your server.

Here are links to documentation on how to install your SSL Certificate on your server, based on the SSL Certificate brand that you have:
Comodo
Thawte
GeoTrust
RapidSSL
Symantec

We always recommend you to get specialized help with you SSL Certificate installation. If you have a web developer, or a system engineer, then they would be the right people to help you with your SSL Certificate installation.

If you want us to do the SSL Certificate installation for you, then we can definitely do that. We offer SSL Certificate installation services to our customers for a flat rate of $49.99 per domain per server.

You can get the SSL Certificate from your SSL Dragon account by following the next steps:
1) Log into your SSL Dragon account;
2) Go to Services;
3) Then go to My Services;
4) You will see the list of products which you bought from us. Click on the SSL Certificate which you bought;
5) When you are on the SSL Certificate page, scroll down, and you will see the codes that the SSL Certificate is made of.

The 3 large pieces of codes that you will see are:
1) The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate. If you need this code as a file, you can copy and paste this code in Notepad, and then save it as a .csr format file.
2) The CRT code which is your actual SSL Certificate code. Save this one as a .crt format file.
3) The CA Bundle code has the root and intermediate certificates in it. Save this one as a .ca-bundle format file.

You won’t be able to find your Private Key inside your SSL Dragon account, because we don’t have it, and we don’t store it. Private Keys are private, and it is only you who should have it. If you cannot find your Private Key, we recommend reading this article so as it may help you to find it, or generate a new one.

One of the most common reasons why a website which has an SSL Certificate installed continues to show as insecure, is that your website continues to pull content, images or videos from unsecured HTTP links. You need to change all the links that you are pulling content from to HTTPS links, and your website will start showing as secure immediately.

The second most common reason why a website may show as insecure though you installed an SSL Certificate on it, is that you and other visitors continue to enter your website on an unsecured HTTP link. You should put a redirect in the server configuration file or in the site’s htaccess file, so that whoever enters your website by typing “www.mywebiste.com” should be automatically redirected to https://www.mywebsite.com. With other words, you should put a redirect that sends all users to your secured site. Here are some articles on how to do this.

We recommend you to read our article called: How to move your website from HTTP to HTTPS easily and with no pain. The article goes even further and comes with many more recommendations on what to check and do to have your website open from an HTTPS link correctly.

Another problem might be the incorrect SSL installation. You can check how well was your SSL installed using these tools: SSL Server Test and Why No Padlock? They will offer you a free report on your SSL Certificate installation and detailed information on how to fix any vulnerabilities.

 

 

You can find detailed documentation about the SSL Certificates’ best installation practices at SSL Labs.

There is no place in your SSL Dragon account where you can download the SSL Certificate from. We provide you the SSL Certificate in the exact same form in which we get it from the Certificate Authority.

Anyway, if you need your SSL Certificate as actual files, then you can use any text editing tool such as Notepad and create the actual files that you need.

If you go to your SSL Dragon account, then to your SSL Certificate details page, you will find the 3 large pieces of codes that your SSL Certificate is made of:
1) The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate. If you need this code as a file, you can copy and paste this code in Notepad, and then save it as a .csr format file.
2) The CRT code which is your actual SSL Certificate code. Save this one as a .crt format file.
3) The CA Bundle code has the root and intermediate certificates in it. Save this one as a .ca-bundle format file.

You won’t be able to find your Private Key inside your SSL Dragon account, because we don’t have it, and we don’t store it. Private Keys are private, and it is only you who should have it. If you cannot find your Private Key, we recommend reading this article so as it may help you to find it, or generate a new one.

Some servers and hosting companies may require you to submit your SSL Certificate in a different format than the original format in which your SSL Certificate was provided to you. Here are some links with instructions on how to convert an SSL Certificate to different file formats:

PFX – PVK / SPC file converter

1. Click here to download the converter

CRT to PFX format conversion

1. Get PFX from CRT and txt containing private key for Azure
2. Bind an existing custom SSL certificate to Azure Web Apps
3. Exporting the SSL Certificate as a PFX file from IIS server
4. Convert your certificate to PFX

Convert .CRT to.CER file

It is easy to switch form .CRT format to .CER format. They are basically interchangeable. You can change the SSL Certificate extension / format by going with the steps written below:

  1. Copy and paste the CRT code which you got from your SSL Certificate’s details page in your SSL Dragon account and use Notepad to create a mywebsite.crt file from it;
  2. Double click on the mywebsite.crt file to open it and see the certificate being displayed;
  3. Click on the “Details” button, and then click on the button that says “Copy to File”;
  4. When you are on the Certificate Wizard, click “Next”;
  5. Then select Base-64 encoded X.509 (.CER), then click “Next” again;
  6. Click on “Browse” to choose the location where you want to save the converted file, and enter the desired name for your file (e.g.: mywebsite.cer);
  7. Finally, click “Save”, and you will have the .CRT to .CER conversion complete;
  8. You can get the mywebsite.cer file from the folder where you selected to save it to.

If you go to your SSL Dragon account, then to your SSL Certificate details page, you will find the 3 large pieces of codes that your SSL Certificate is made of:

1) The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate.
2) The CRT code which is your actual SSL Certificate code.
3) The CA Bundle code contains the root and intermediate certificates in it. 

Also, if you need more root and intermediate certificates for Comodo, you can find them all at this link.

It is possible that this situation happened to you too. You ordered a Comodo InstantSSL with Free EV, you passed the Extended Validation process, Comodo sent you an email where they told you that your certificate was issued successfully, and when you install your Comodo InstantSSL with Free EV, your website shows as secured by an SSL, but doesn’t show a green bar and doesn’t show your company name in the URL bar as it should. Here’s why:

The Comodo InstantSSL with Free EV comes in two parts:
1) Comodo InstantSSL – which is a Business Validation certificate;
2) The “Free EV” part of the certificate – which is an Extended Validation (Green Bar) SSL certificate.

Comodo issues both parts of the certificate and offers them to us. Sometimes Comodo issues the Comodo InstantSSL (Business Validation) certificate first, and then the “Free EV” certificate comes several hours later.

So as Comodo announced you about the certificate being issued, you probably got it and installed it on your website. The thing is that you got the Comodo InstantSSL (Business Validation) certificate and installed it, and that is why your website doesn’t show a green bar and your company name in the browser’s URL bar.

Once you notify us about this problem, we place an internal request in our system, and we double check if the “Free EV” certificate was offered to us. If we find that the “Free EV” certificate was issued and reached our system, then we announce you about that, and you have to go to your SSL Dragon account and get your updated “Free EV” certificate from there.

If we see that the “Free EV” certificate did not reach our system yet, then we place an internal request with Comodo for them to provide the “Free EV” certificate to us, and it usually takes a few hours for the “Free EV” certificate to come up. When that happens, your current Comodo InstantSSL (Business Validation) certificate is automatically replaced with the “Free EV” certificate, and we send you an email message notifying you about that.

It is possible that this situation happened to you too. You ordered a Comodo InstantSSL with Free EV, you passed the validation process, Comodo sent you an email where they told you that your certificate was issued successfully, but when you go to your SSL Dragon account to get your SSL Certificate you still see it as “processing”. Here is why:

The Comodo InstantSSL with Free EV comes in two parts:
1) Comodo InstantSSL – which is a Business Validation certificate;
2) The “Free EV” part of the certificate – which is an Extended Validation (Green Bar) SSL certificate.

Sometimes Comodo issues the Comodo InstantSSL (Business Validation) certificate first, and then the “Free EV” certificate comes later. When buying a Comodo InstantSSL with Free EV, customers expect to get the EV Certificate. That is why, most of the times we only display the SSL certificate in users’ accounts when the “Free EV” part of the certificate is ready.

So as Comodo announced you about the certificate being issued, and so as you do not see the SSL Certificate as issued in your SSL Dragon account, in most cases it means that Comodo issued only the Comodo InstantSSL (Business Validation) certificate, and they did not issue the final “Free EV” certificate that we are expecting to get.

We recommend you to contact Comodo and ask them about the status of your “Free EV” certificate and see if there is anything else that is needed from your side for the “Free EV” certificate to be issued. Many times Comodo will ask you to do call back phone verification process for the Comodo InstantSSL (Business Validation) certificate, which you already did if you got an email from them saying that your certificate was issued. But when you talk to them on the phone, you they will ask you to do another call back phone verification process for the “Free EV” certificate.

You can contact Comodo Validation Department at one of the following two numbers:
– USA: +1 (888) 266-6361 Ext. 4
– International: +1 (703) 581- 6361 Ext. 4

Once you pass the second call back phone verification process for the “Free EV” certificate, your Comodo InstantSSL with Free EV will be issued within 1 business day. This being said, we recommend checking your SSL Dragon account the next day, and you should see your Comodo InstantSSL with Free EV as issued.

After installing an SSL Certificate on your website, you can also let your visitors and customers know that your website is secure by adding a site seal somewhere on a prominent place on your website. You can choose to place the site seal in the footer of your website, or on the checkout page where customers have to enter their credit card information, or in both these places.

Site seals are of two types: static and dynamic. All Domain Validation SSL Certificates come with a static site seal, which is basically an image. All Business Validation and Extended Validation SSL Certificates come with a dynamic site seal which can be hovered or clicked on, and they will show the name of your company, will confirm that your website was issued a legitimate SSL Certificate, and will prove that your website belongs to your company.


Site Seals for RapidSSL SSL Certificates 

If you purchased an SSL issued by RapidSSL, you can get your site seal at the following link:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO14424


Site Seals for GeoTrust SSL Certificates 

If you purchased an SSL issued by GeoTrust, you can get your site seal at the following link:
https://www.geotrust.com/support/seal/agreement/installation-instructions/


Site Seals for Thawte SSL Certificates 

If you purchased an SSL issued by Thawte, you can get your site seal at the following link:
https://www.thawte.com/ssl/secured-seal/installation-agreement/


Site Seals for Symantec SSL Certificates 

If you purchased an SSL issued by Symantec, you can get your site seal at the following link:
https://www.symantec.com/ssl/seal-agreement/install.jsp


Comodo Dynamic Site Seals for Business Validation and Extended Validation SSL Certificates

If you purchased a Comodo SSL with Business or Extended Validation you can download the dynamic site seal at the following link: https://trustlogo.com/trustlogo_choice.html


Comodo Static Site Seals for Domain Validation SSL Certificates 

If you bought a Domain Validation SSL Certificate from Comodo, it comes with a static site seal. You can see 7 examples of Comodo static site seals which you can use at the following link: https://www.ssldragon.com/site-seals/

If you need the site seals as HTML codes, then here are the codes that you can put on your website:

Comodo Secure – green static seal:
<a href=”https://www.ssldragon.com/” target=”_blank”;”><img src=”https://www.ssldragon.com/site-seals/comodo-secure-green.png” border=”0” /></a>

Comodo PositiveSSL – orange static seal:
<a href=”https://www.ssldragon.com/” target=”_blank”;”><img src=”https://www.ssldragon.com/site-seals/comodo-positive-ssl-new.png” border=”0” /></a>

Comodo PositiveSSL – green static seal:
<a href=”https://www.ssldragon.com/” target=”_blank”;”><img src=”https://www.ssldragon.com/site-seals/comodo-positive-ssl.png” border=”0” /></a>

Comodo Secure – red static seal:
<a href=”https://www.ssldragon.com/” target=”_blank”;”><img src=”https://www.ssldragon.com/site-seals/comodo-site-seal.png” border=”0” /></a>

Comodo Secure – red static seal with text:
<a href=”https://www.ssldragon.com/” target=”_blank”;”><img src=”https://www.ssldragon.com/site-seals/comodo-secure-text.png” border=”0” /></a>

Comodo Secure – red, large static seal:
<a href=”https://www.ssldragon.com/” target=”_blank”;”><img src=”https://www.ssldragon.com/site-seals/comodo_secure_large.png” border=”0” /></a>

Comodo Secure – square static seal:
<a href=”https://www.ssldragon.com/” target=”_blank”;”><img src=”https://www.ssldragon.com/site-seals/comodo-site-seal-secure.jpg” border=”0” /></a>