Thursday, April 30, 2015

Step-by-step guide to purchase SSL certificate at GoDaddy, install at 3rd party host

My last blog post was a Step-by-step guide to transfer a domain name to GoDaddy.  Another process I have to do occasionally that involves quite a few steps is purchasing and installing an SSL certificate.  To me, these steps are easier to figure out than the domain transfer steps, but there are still enough of them that I wanted to write them down. I'm installing my SSL Certificate at DiscountASP.Net, but the process should be almost identical for installing at any other 3rd party web host.

One thing to note before purchasing the certificate...if you have an existing certificate, then you'll probably want to "Renew" it.  If you have an existing certificate that is expiring and you follow these steps, then you'll be completely replacing it with the new one.  If your existing one actually has two months before it expires, then you'll really be wiping out those two months since your new certificate will be good for 1 year (or however many you purchase) from the day you create it.  Existing certificates can be renewed, but these instructions are for a new one.

1) Log in and go to the SSL Certificates section of your "My Account" page.  First we need to buy a new SSL certificate credit.  Click "Buy Additional Plans"

2) The next screen that comes up is just a promotional splash screen.  Just click "Get Started" to get to the next page.

3) The next page lists the types of SSL certificates.  I've always just purchased Standard SSL.  It protects one full domain name, like  It does not cover subdomains like  I don't care about that.  I usually have a server side script on all my pages that require SSL  that checks if the page is using https, and if not, then it redirects them to the URL that does use https.  So at that time, I can also change the domain name to the specific domain name that I'm purchasing the certificate for.  Then select your term (one to three years) and click "Add to Cart"

4) Enter a promo code if you have one, otherwise just click the "Proceed to Checkout" button

5) Check your contact info and payment type, agree to terms and click "Place Order".  Hopefully you'll see a confirmation that says something like "Go Time".  If so, click on the SSL Certificates button, which takes you back to SSL Certificates section of My Account.  Now you should see a new entry that says "STANDARD SSL (1 YEAR) (ANNUAL)", or something similar for whatever type and term you purchased.

6) Click "Set Up".  Then there will be a pop-up that asks "Which order do you want to associate with this SSL Certificates account?".  You probably will have only one item in the drop down list, so just choose that one.  When the popup closes, you won't see the new certificate right away.  But if you just leave the page open a little while, it will refresh itself and then you'll see the new certificate listed as "NEW CERTIFICATE", as below

7) Click Manage.  That will take you to the Certificates management area.  There is a line for each of your certificates.  On the line for your "New certificate", there is a Set Up icon.  Click that.

8) Finally, we've reached the screen to enter the Certificate Signing Request (CSR).  This CSR must be generated by the server on which you plan to install he certificate.  That means its time to move to your 3rd party host.  In my case, this is DiscountASP.Net.  Keep this window open.

9) In a new window, log in to your web hosting account.  You should have some option for SSL Management on your hosting account.  When you find it, it should let you generate a CSR.  Here is how it looks at DiscountASP.Net

10) Generate the CSR. It will ask you to supply the fields shown above: Common Name, Organization Name, Organization Unit, City, State, Country.  The Common Name is the specific domain for which you want the certificate to work, so be sure to choose and enter that carefully.

NOTE: Your web hosting company may charge you an additional fee in order to install a certificate.  This is because they may need to give you a static IP address if you don't already have one.  The SSL Add-on at DiscountASP.Net is $10/month.

11) Your host will generate a huge block of text that starts with "-----BEGIN NEW CERTIFICATE REQUEST-----" and ends with "-----END NEW CERTIFICATE REQUEST-----".  Copy *ALL* of that, including those BEGIN and END lines, and paste it in the CSR form back at GoDaddy.  Agree to the terms and then click "Request Certificate"

12) Now you just have to wait a little while.  If your domain is registered at GoDaddy, then they know you own it, and they will skip you through the Domain Ownership verification.  Otherwise, you may have to put a file on your server so that GoDaddy can verify that you own the domain

13) After waiting several minutes, your certificate will be issued and you should see something like below.  Click Download.  (If you have to complete  verification steps GoDaddy asks you to do, then you may not get to the Download option on this screen, but you can find it back in the SSL Certificates section of My Account.

14) Choose the server type on which you are installing -- IIS, Apache, etc. -- and click "Download Zip file".  Save it wherever you want.  The .zip file has the files that you need that are relevant to the server type you choose.  In the case of IIS, the file we'll be after is the .crt file in the zip file (that may be true for all server types)

15) Extract the contents of the zip file and open the .crt file in a text editor, like Notepad.  This file contains another huge block of text that starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----"

16) Copy *ALL* the text from the file, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, and go back to the SSL management at your web host.  There should be a text box where you can paste in this copied text.  At DiscountASP.Net its on the same page as the CSR, and it says "Install your SSL Certificate".  Paste your certificate text into that text box and click "Install Certificate" (Of course I got logged out while I was over at GoDaddy, so you may want to make sure your session is still active)

That's it! If the installation is successful, then your new certificate should be active right away.