bg-tutorials

How to Install an SSL Certificate on BigCommerce

This guide shows you how to install an SSL certificate on BigCommerce. BigCommerce is a hosted SaaS platform, so you do not manage a web server. The certificate is uploaded through the store’s admin panel. There are two paths to HTTPS, and most stores only need the first.

Option 1: Free automatic SSL (default for most stores)

Every BigCommerce store comes with a free SSL certificate that is provisioned automatically once a custom domain is connected. The certificate is issued through DigiCert’s Encryption Everywhere program, renews on its own, and requires no upload. Use this path unless you have a specific reason to install your own certificate (for example, an Extended Validation certificate with a branded name, or a corporate compliance requirement).

Step 1: Point your domain to BigCommerce

At your DNS provider, create a CNAME record that points your store’s host name (usually www) to the BigCommerce target host name shown in your store’s domain settings. For the apex domain (example.com with no www), use the A or ALIAS record values BigCommerce gives you in the same screen. DNS changes can take up to a few hours to propagate.

Step 2: Add the custom domain in BigCommerce

In the BigCommerce control panel, open Settings > Domain names (for an additional storefront, open the corresponding Channels entry and use its domain settings). Add your custom domain and set it as the primary domain. Once DNS resolves to BigCommerce, the free SSL certificate is issued and attached automatically. The status changes from pending to active within a few minutes in most cases, and up to a few hours if DNS is still propagating.

Step 3: Confirm the storefront is on HTTPS

Open your storefront in a browser and verify the padlock loads on the home page and a product page. BigCommerce serves HTTPS automatically once the domain is active. No further action is required for the free SSL path.

Option 2: Install a third-party SSL certificate

Use this path if you bought a certificate from a Certificate Authority (CA) and want BigCommerce to serve it on your storefront. Typical reasons are an Extended Validation certificate, a wildcard covering subdomains you also use elsewhere, or a corporate policy that mandates a specific issuer.

You will need three things, all in PEM format (text starting with —–BEGIN CERTIFICATE—– or —–BEGIN PRIVATE KEY—–):

  • Your server certificate, the file signed for your domain. It is in the archive your CA sent you, usually with a .crt extension.
  • Your intermediate certificates, often delivered as a .ca-bundle file. This is the chain that links your certificate back to a trusted root.
  • Your private key, the file you generated alongside the CSR. BigCommerce needs it to serve HTTPS, so locate it before you start.

The root certificate is not required and is already trusted by browsers.

Generate the CSR

If you already generated your CSR and private key, skip to the installation steps below.

A CSR (Certificate Signing Request) is a block of encoded text that carries the contact details and the public key your CA signs. The matching private key is generated at the same time and must be kept safe; the certificate will not work without it.

BigCommerce does not generate the CSR for you. You have two options:

Submit the CSR to your CA during the order. After they validate and issue the certificate, you will receive a ZIP archive containing the certificate file, the intermediate bundle, and (depending on the CA) the root. Continue with the installation below.

Install an SSL certificate on BigCommerce

Step 1: Open the SSL Certificate page in your control panel

Sign in to your BigCommerce control panel as the store owner. Third-party SSL installation is available on Pro and Enterprise plans. For the default storefront, open Server Settings > SSL Certificates (some accounts now also expose the same screen under Storefront > SSL Certificates, and you can reach it from Settings > Domain names and then the SSL Certificate option for that domain). For an additional storefront, open the corresponding Channels entry and use the SSL settings for that channel’s domain.

Step 2: Choose to install a third-party SSL

Under Install a third-party SSL certificate, click Install a third-party SSL. The upload form opens with three fields.

Step 3: Paste the certificate, key, and intermediate bundle

Open the three files in a plain text editor (Notepad, TextEdit in plain text mode, or VS Code) and copy each one in full, including the —–BEGIN …—– and —–END …—– lines. Paste each into the matching field:

  • SSL Certificate: paste the contents of your server certificate file (the one issued for your domain, usually .crt).
  • RSA Private Key: paste the private key you generated with the CSR.
  • CA Certificate: paste the intermediate bundle (often the .ca-bundle file). If the file contains more than one certificate block, paste the whole file as-is.

Click Save (or Install, depending on the screen). BigCommerce validates that the key matches the certificate and that the chain is complete, then installs the certificate. The process can take 15 to 30 minutes to finish on BigCommerce’s edge.

Step 4: Force HTTPS on your storefront

Once the certificate is active, redirect HTTP traffic to HTTPS so visitors always land on the secure version. The setting lives in the same area as the SSL screen and is usually labelled TLS/SSL or HTTPS. Enable the Secure (HTTPS) site option and the Force HTTPS (or HTTPS forced) toggle. After saving, every storefront URL serves over HTTPS.

Your BigCommerce store is now live on HTTPS with your own certificate.

Test the SSL installation

After installing, scan the storefront to confirm the certificate is served correctly and the chain is complete. Open your store over https:// and check the padlock, then run a deeper check with our SSL Checker for an instant report on the certificate, the intermediate chain, and the supported protocols.

Frequently Asked Questions

Does BigCommerce provide a free SSL certificate?

Yes. Every BigCommerce store gets a free SSL certificate, issued through DigiCert’s Encryption Everywhere program, that attaches to your custom domain automatically after DNS points to BigCommerce. It renews on its own and is enough for most stores.

When do I need a third-party SSL certificate on BigCommerce?

Use a third-party certificate when the free Encryption Everywhere option is not enough for your use case: you want an Extended Validation certificate with your company name shown in browsers that still display it, you need to reuse a wildcard certificate across other systems, or a compliance policy requires a specific Certificate Authority.

Do I need to upload the root certificate to BigCommerce?

No. Browsers ship with trusted root certificates. You only need to upload your server certificate, the intermediate bundle (CA Certificate field), and your private key.

My certificate upload fails with a key mismatch. What does it mean?

BigCommerce checks that the private key you paste actually matches the certificate. If they do not match, the upload fails. Confirm you generated the CSR and private key together, you are pasting the right key file (not an older one), and the file is the unencrypted PEM key (starts with —–BEGIN PRIVATE KEY—– or —–BEGIN RSA PRIVATE KEY—–, not an encrypted block).

How long does the install take on BigCommerce?

The upload itself is instant, but BigCommerce takes about 15 to 30 minutes to roll the certificate out across its edge. During that window, you may see the old certificate or a mixed state. Wait for the status in the SSL Certificates screen to change to active before scanning the site.

Can I install an SSL certificate on more than one storefront?

Yes. Each storefront has its own domain and its own SSL settings. The default storefront is managed from the main control panel; additional storefronts are managed from the corresponding Channels entry. Repeat the steps above per storefront.

Save 10% on SSL Certificates when ordering from SSL Dragon today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

A detailed image of a dragon in flight
Written by

I've been writing for SSL Dragon for over 10 years, focusing entirely on SSL certificates and digital security. My job is to take complex cybersecurity topics and strip away the jargon, making sure you get the clear, practical information you need to keep your website safe.