Installation
Two great tools to check how well your SSL Certificate is installed are:
1) SSL Server Test
2) Why No Padlock?
You only have to paste your https URL to get a free report and an A++ to F grade on your SSL Certificate installation. These tools will tell you what vulnerabilities your SSL Certificate installation has, and will give you detailed information on how to fix them.
We also recommend reading our article called: How to move your website from HTTP to HTTPS easily and with no pain.
You can download the SSL Certificate directly from the SSL Certificate page within your SSL Dragon account.
Simply use the Download Intermediate/Chain and Download Certificate buttons.
Or you can use the Send Certificate button, too.
We provide you with the SSL Certificate in the exact same format in which we get it from the Certificate Authority.
You can also use any text editing tool, such as Notepad, to create the actual files that you need:
Go to your SSL Dragon account, then to your SSL Certificate details page, where you will find the 3 large pieces of code that your SSL Certificate is made of:
- The CSR code is the one which you generated along with your Private Key, and which you used to configure your SSL Certificate. If you need this code as a file, you can copy and paste this code in Notepad, and then save it as a .csr format file.
- The CRT code is your actual SSL Certificate code. Save this one as a .crt format file.
- The CA Bundle code has the root and intermediate certificates in it. Save this one as a .ca-bundle format file.
You won’t be able to find your Private Key inside your SSL Dragon account, because we don’t have it, and we don’t store it. Private Keys are private, and only you should have yours. If you cannot find your Private Key, we recommend reading this article, which may help you find it or generate a new one.
If you go to your SSL Dragon account, then to your SSL Certificate details page, you will find the 3 large pieces of code that your SSL Certificate is made of:
1) The CSR code is the one that you generated along with your Private Key, and which you used to configure your SSL Certificate
2) The CRT code is your actual SSL Certificate code
3) The CA Bundle code contains the root and intermediate certificates
Also, listed below you will find all the Sectigo Root and Intermediate CA certificates and the bundle files required to complete the SSL certificate installation across various servers and email clients.
DV ECC Files
DV RSA files
- Sectigo RSA DV CA – TXT file
- USERTrust RSA CA – TXT file
- RSA DV Bundle – TXT file
- RSA DV Bundle with SHA-1 – TXT file – includes SHA-1 AddTrust External Root CA required for legacy platforms and Zimbra.
OV ECC files
OV RSA files
- Sectigo RSA OV CA – TXT file
- USERTrust RSA CA – TXT file
- RSA OV Bundle – TXT file
- RSA OV Bundle with SHA-1 – TXT file – includes SHA-1 AddTrust External Root CA required for legacy platforms and Zimbra.
EV ECC files
EV RSA files
- Sectigo RSA EV CA – TXT file
- USERTrust RSA CA – TXT file
- RSA EV Bundle – TXT file
- RSA EV Bundle with SHA-1 – TXT file – includes SHA-1 AddTrust External Root CA required for legacy platforms and Zimbra.
Code Signing – Intermediate
Standard
- Sectigo RSA Code Signing CA – TXT file
EV Code Signing
- Sectigo RSA Extended Validation Code Signing CA – TXT file
For Code Signing Certificates, issued on or after June 1, 2021
Standard
- Sectigo Public Code Signing CA R36 – TXT file
- SectigoPublicCodeSigningRootR46_AAA [ Cross Signed ] – TXT file
EV Code Signing
- Sectigo Public Code Signing CA EV R36 – TXT file
- SectigoPublicCodeSigningRootR46_AAA [ Cross Signed ] – TXT file
Secure Email
- Sectigo RSA Client Authentication and Secure Email CA – TXT file
Note: A few legacy systems that no longer receive updates from their vendor may not trust Sectigo SHA-2 Certificates. To enable them to trust the SHA-2 Certificates, Sectigo recommends including the Cross Signed Certificate in the Server Certificate chain.
Source: Sectigo’s Knowledge Base
You can get the SSL Certificate from your SSL Dragon account by following these steps:
1) Log into your SSL Dragon account;
2) Go to SSL Certificates;
3) Then go to My SSL Certificates;
4) You will see the list of products which you bought from us. Click on the SSL Certificate which you bought;
5) When you are on the SSL Certificate page, scroll down, and you will see the codes that the SSL Certificate is made of.
The 3 large pieces of code that you will see are:
1) The CSR code is the one that you generated along with your Private Key, and which you used to configure your SSL Certificate. If you need this code as a file, you can copy and paste this code in Notepad, and then save it as a .csr format file.
2) The CRT code is your actual SSL Certificate code. Save this one as a .crt format file.
3) The CA Bundle code has the root and intermediate certificates in it. Save this one as a .ca-bundle format file.
You won’t be able to find your Private Key inside your SSL Dragon account, because we don’t have it, and we don’t store it. Private Keys are private, and only you should have yours. If you cannot find your Private Key, we recommend reading this article, which may help you find it or generate a new one.
After installing an SSL Certificate on your website, you can also let your visitors and customers know that your website is secure by adding a site seal in a prominent place on your website. You can choose to place the site seal in the footer of your website, or on the checkout page where customers have to enter their credit card information, or in both these places.
Site seals are of two types: static and dynamic. All Domain Validation SSL Certificates come with a static site seal, which is basically an image. All Business Validation and Extended Validation SSL Certificates come with a dynamic site seal that can be hovered over or clicked on. It shows the name of your company, confirms that your website was issued a legitimate SSL Certificate, and proves that your website belongs to your company.
Site Seals for RapidSSL SSL Certificates
If you purchased an SSL issued by RapidSSL, you can get your site seal at the following link:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO14424
Site Seals for GeoTrust SSL Certificates
If you purchased an SSL issued by GeoTrust, you can get your site seal at the following link:
https://www.geotrust.com/support/seal/agreement/installation-instructions/
Site Seals for Thawte SSL Certificates
If you purchased an SSL issued by Thawte, you can get your site seal at the following link:
https://www.thawte.com/ssl/secured-seal/installation-agreement/
Site Seals for DigiCert SSL Certificates
If you purchased an SSL issued by DigiCert, you can get your site seal at the following link:
https://www.digicert.com/site-seal-conversion-rate-benefits.htm
Sectigo Site Seals
If you purchased a Sectigo SSL, you can download the dynamic site seal at the following link: https://sectigo.com/trust-seal
GoGetSSL Site Seals
If you purchased a GoGetSSL SSL, you can download the dynamic site seal at the following link: https://www.gogetssl.com/wiki/installation/gogetssl-site-seal-installation/
There are many different ways to install an SSL Certificate, and they all depend on your SSL Certificate brand, the webserver type, the operating system on your server, and the web hosting panel that you have on your server.
This being said, please check our Installation Articles to get detailed instructions on how to install your SSL Certificate on about 44 different server types, hosting panels, and operating systems.
Also, here are links to documentation on how to install your SSL Certificate on your server, based on the SSL Certificate brand that you have:
– Sectigo
– Thawte/RapidSSL/GeoTrust/DigiCert
– GoGetSSL
We always recommend you get specialized help with your SSL Certificate installation. If you have a web developer or a system engineer, then they would be the right people to help you with your SSL Certificate installation.
Some servers and hosting companies may require you to submit your SSL Certificate in a different format than the original format in which your SSL Certificate was provided to you. Here are some links with instructions on how to convert an SSL Certificate to different file formats:
CRT to PFX format conversion
1. Get PFX from CRT and txt containing private key for Azure
2. Bind an existing custom SSL certificate to Azure Web Apps
3. Exporting the SSL Certificate as a PFX file from IIS server
4. Convert your certificate to PFX
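One way to do the CRT to PFX conversion locally with the openssl command-line tool, as an added example that is not taken from the linked articles. The function names, the PFX_PASS variable and the example.test files are assumptions made for the demonstration; the key and certificate are constructed throwaway material.

```shell
#!/bin/sh
# Added example: pack a Private Key, CRT and optional CA Bundle into a PFX.

# make_pfx KEY CRT OUT [CA_BUNDLE] -> 0 ok, 1 export failed, 2 no password
# The password is read from the exported PFX_PASS variable (hypothetical
# name), so it does not show up as an openssl argument in the process list.
make_pfx() {
    [ -n "${PFX_PASS:-}" ] || { echo "export PFX_PASS first" >&2; return 2; }
    (
        umask 077  # the PFX holds the Private Key: readable by owner only
        if [ -n "${4:-}" ]; then
            openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$4" \
                -out "$3" -passout env:PFX_PASS
        else
            openssl pkcs12 -export -inkey "$1" -in "$2" \
                -out "$3" -passout env:PFX_PASS
        fi
    ) 2>/dev/null || { echo "PFX export failed: does $1 match $2?" >&2; return 1; }
}

# pfx_subject PFX -> subject of the end-entity certificate stored in the PFX
pfx_subject() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:PFX_PASS 2>/dev/null |
        openssl x509 -noout -subject
}

# Constructed demo material: a throwaway key and self-signed certificate.
d=$(mktemp -d)
PFX_PASS='constructed-demo-password'; export PFX_PASS
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/site.key" \
    -out "$d/site.crt" -subj "/CN=example.test" -days 1 2>/dev/null
make_pfx "$d/site.key" "$d/site.crt" "$d/site.pfx" && pfx_subject "$d/site.pfx"
rm -rf "$d"
```

With real files, pass the saved .ca-bundle file as the fourth argument so the intermediates travel inside the PFX.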
Convert .CRT to .CER file
It is easy to switch from .CRT format to .CER format. They are basically interchangeable. You can change the SSL Certificate extension/format by following the steps below:
- Copy and paste the CRT code which you got from your SSL Certificate’s details page in your SSL Dragon account and use Notepad to create a mywebsite.crt file from it;
- Double click on the mywebsite.crt file to open it and see the certificate being displayed;
- Click on the “Details” button, and then click on the button that says “Copy to File”;
- When you are on the Certificate Wizard, click “Next”;
- Then select Base-64 encoded X.509 (.CER), then click “Next” again;
- Click on “Browse” to choose the location where you want to save the converted file, and enter the desired name for your file (e.g.: mywebsite.cer);
- Finally, click “Save”, and you will have the .CRT to .CER conversion complete;
- You can get the mywebsite.cer file from the folder where you selected to save it to.
Sometimes, the SSL Certificate which was issued to you does not match the Private Key which you are trying to use when installing that SSL Certificate on your server. That is a common user-generated error.
If the system says there is a mismatch, then you need to double-check the CSR and Private Key which you generated, and which came together. You need to make sure that you used that specific CSR when you configured your SSL Certificate. When the SSL Certificate is issued, you need to use the Private Key that pairs with that specific CSR.
We see customers making the mistake where they generate one CSR and Private Key, then configure the SSL Certificate with a different CSR that is server-generated. In that case the server-generated CSR pairs with its own Private Key, which you most probably don’t have.
The Private Key which you have works only with the CSR that it came with. Also, the Private Key which you have works only with the SSL Certificate that was configured using the CSR that pairs with that Private Key.
Solution
To solve this, you need to re-configure (re-issue) your SSL Certificate using a CSR code for which you have the Private Key that it pairs with. You may want to use a CSR code that your server provides, or generate a new CSR and Private Key.
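A quick way to confirm which files belong together before re-issuing, as an added example that is not SSL Dragon's own code: the script compares the public key carried by the Private Key, the CRT and the CSR using the openssl command-line tool, so it is not tied to RSA moduli. The function names, file names and the example.test subject are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: confirm that a Private Key, CRT and CSR belong together
# by comparing the public key each of them carries.

# pubkey_of KIND FILE -> PEM public key on stdout (KIND: key | crt | csr)
pubkey_of() {
    case $1 in
        key) openssl pkey -in "$2" -pubout ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        csr) openssl req -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# check_match KEY CRT [CSR] -> 0 all match, 1 mismatch, 2 unreadable input
check_match() {
    k=$(pubkey_of key "$1") && [ -n "$k" ] || { echo "unreadable key: $1" >&2; return 2; }
    c=$(pubkey_of crt "$2") && [ -n "$c" ] || { echo "unreadable certificate: $2" >&2; return 2; }
    [ "$k" = "$c" ] || { echo "MISMATCH: $2 was not issued for $1"; return 1; }
    if [ -n "${3:-}" ]; then
        r=$(pubkey_of csr "$3") && [ -n "$r" ] || { echo "unreadable CSR: $3" >&2; return 2; }
        [ "$k" = "$r" ] || { echo "MISMATCH: $3 was not generated with $1"; return 1; }
    fi
    echo "OK: all supplied files share one public key"
}

# make_samples DIR: constructed test material (self-signed, CN=example.test)
make_samples() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1/mine.key" \
        -out "$1/mine.csr" -subj "/CN=example.test" 2>/dev/null &&
    openssl x509 -req -in "$1/mine.csr" -signkey "$1/mine.key" -days 1 \
        -out "$1/mine.crt" 2>/dev/null &&
    # a second, unrelated pair standing in for the server-generated CSR
    openssl req -newkey rsa:2048 -nodes -keyout "$1/server.key" \
        -out "$1/server.csr" -subj "/CN=example.test" 2>/dev/null
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
check_match "$demo_dir/mine.key" "$demo_dir/mine.crt" "$demo_dir/mine.csr"
check_match "$demo_dir/mine.key" "$demo_dir/mine.crt" "$demo_dir/server.csr" || true
rm -rf "$demo_dir"
```

Only public keys are printed or compared; the Private Key file is read locally and never leaves the machine.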
You can install your Sectigo CPAC Certificate as soon as it has been issued to you.
Here are installation instructions for different browsers, email clients, and mobile devices provided by Sectigo:
- https://support.sectigo.com/Com_KnowledgeProductPageFaq?c=SMIME_PAC_Personal_Authentication_Cert&k=&lang=
- https://www.comodo.com/support/products/authentication_certs/setup/
You can find detailed documentation about the SSL Certificates’ best installation practices at SSL Labs.