SSL Installation FAQs

How do I download my certificate files?

When the certificate is issued, the Certificate Authority (CA) will send an email to the Technical Contact listed on the order. That email will contain the certificate files. You can also download the certificate files from the Order Details page.

What is an Intermediate certificate?

An intermediate certificate is a file that helps the web browser identify who issued your SSL certificate. It is not required, but it is HIGHLY recommended that you install it along with your server SSL certificate in order to have full compatibility with all desktop & mobile browsers and mobile devices. know more

Where do I get my Intermediate certificate?

An intermediate certificate will be emailed to you along with your SSL certificate. You can also download the intermediate certificate from the vendor's website, which is something that can be done if you didn't receive the intermediate via email. This is also sometimes referred to as the "CA Bundle." It is also important to note that some certificates have multiple intermediate certificates.

What if I can only use one certificate file?

If your hosting platform or company tells you that you can only use one certificate file, then you can combine your server certificate text with the intermediate file text.

I have received .CRT files but I need .CER files for installation on my Microsoft Windows server. How do I get .CER certificate files?

Both .CRT and .CER files contain the same text X.509-encoded certificate. So in most cases you can simply rename the extension to .CER and it should work. However, if the (Windows) server does not accept the file and requires to use binary X.509-encoded .CER file extension, then you could change the encoding within 2 minutes with the following steps:

  • Double-click the .CRT file and open it into the certificate display.
  • Click open the Details tab and then select the Copy to file button.
  • Click Next on the Certificate Wizard.
  • Choose Base-64 encoded X.509 (.CER), then click Next.
  • Choose Browse and type in the filename (for eg: website_name).
  • Click Save. Now the file is converted to .CER and saved as "website_name.cer"

I have received .CRT files from Comodo CA but I also need .CA-BUNDLE file for installation. How do I get the .CA-BUNDLE certificate file?

You can do this using your favorite text editor in a few steps.

# Root CA Certificate - AddTrustExternalCARoot.crt
# Intermediate CA Certificate 1 - ComodoRSAAddTrustCA.crt
# Intermediate CA Certificate 2 - ComodoRSADomainValidationSecureServerCA.crt

Note: You will not need your SSL certificate for this exercise.

1. Open all 3 files mentioned above in your text editor. (Remember, not to open your domain certificate file.)
2. Create a new blank text file.
3. Copy contents of all 3 files in reverse order and paste them one below the other into the new file in the following order:
     Intermediate 2
     Intermediate 1
     Root Certificate
4. Save the newly created file as 'yourDomain.ca-bundle'.

Are there any things I need to do before I install the SSL certificate?

You will need to reduce the impact on SEO for an existing website. Then you need to check a few things before installing the certificate.

How to install an SSL certificate?

SSL certificates have to be installed based on the type of access you have to the web server. It is recommended you have a technical expert to help you. It should be someone who knows how to do this using your web server access. SSL certificates purchased from us can be set up on most shared hosting and dedicated/cloud servers. Contact your shared hosting/server provider for details of installing externally purchased SSL certificates on their offerings.

Here are some common do-it-yourself SSL installation scenarios. The process is exactly the same for a specific platform across certificates of any brand.

**We recommend you check the ratings/reviews before choosing to outsource.

Can I install or use the third-party SSL certificates purchased here on GoDaddy web hosting?

GoDaddy allows third-party SSL certificate installs on some of its products. Visit this link for details. If you still need more info, you should check with GoDaddy Support.

Can I install or use the third-party SSL certificates purchased here on BlueHost web hosting?

BlueHost allows third-party SSL certificate installs on some of its products. Visit this link for details. If you still need more info, you should check with BlueHost Support.

Can I install or use the third-party SSL certificates purchased here on HostGator web hosting?

HostGator allows third-party SSL certificate installs on some of its products. Visit this link for details. If you still need more info, you should check with HostGator Support.

Can I install or use the third-party SSL certificates purchased here on Heroku web hosting?

Heroku allows third-party SSL certificate installs on domains attached to their paid dynos. Visit this link for details. If you still need more info, you should check with Heroku Support.

Can I install or use the third-party SSL certificates purchased here on the Zencommerce platform?

Zencommerce allows third-party SSL certificate installs on the e-commerce stores hosted with them. Visit this link for details. Check with the Zencommerce support team on the web server details you need to provide before purchasing your certificate. After receiving your certificate files, you will need to send them to the Zencommerce support team to install it for your store.

Can I install or use the third-party SSL certificates purchased here on Amazon EC2 and AWS cloud hosting?

Amazon AWS allows third-party SSL certificate installation. There are TWO ways to use third-party certificates on AWS:

  • Setup the certificate with its private key on the Amazon EC2 instance with the web server. In this method, you would set it up following the instructions for the web server platform as mentioned above. (see How to install an SSL certificate above)
  • If you need to use other AWS services then you need to use Amazon Certificate Manager. (see this support article)

Can I install or use the third-party SSL certificates purchased here on Microsoft Azure cloud hosting?

Microsoft Azure allows third-party SSL certificate installation. To know more read this support article.

How can I install my SSL certificate on more than one server?

First, check your certificate license. There are two methods to install your certificate on multiple servers. The first method is to import the certificate, private key, and intermediate files on servers #2, #3, etc. Or, create a new CSR and key file on servers #2, #3, etc. and reissue the active certificate.

I have accidentally deleted my "private key" what can I do now?

First check your backups and see if you can re-install the "private key". If you don't know how to re-install the key from your backups, contact your systems administrator. Failing that, contact your web server software vendor for technical support. The only alternative course of action available is a re-issuance of the certificate following the re-submitting of a fresh CSR for the same Common Name. Certificate re-issue can be initiated via the Order Details page.

I have changed my server or moved to a different provider. How do I move the certificate?

The easiest way is to create a new CSR on the new machine for the same Common Name and have the certificate re-issued. Alternately, contact your new web hosting service provider to assist you in this process.

My certificate works in my browser, but my visitors get a Security Alert that says 'The security certificate was issued by a company you have not chosen to trust...' What is the problem?

The issue is that your visitors' browsers are unable to properly identify who issued your certificate. First, confirm that your visitors are not seeing an incorrect or outdated certificate. Some web server services need to be restarted after installing new/updated certificates. Once you have made sure that your visitors are seeing the correct certificate, the issue is most likely solved by installing the intermediate certificates.

Do I need a dedicated/static IP address to use an SSL certificate?

Yes, you must have a static IP address for an SSL certificate. If you do not have one, you may be able to assign one via your webserver or you may need to purchase one from your web host if you own/operate your webserver.

My browser is not showing the green padlock / secure icon, why?

There are several reasons why this could be occurring or a combination of several. The four most common reasons are:

  1. Insecure content, which means there are HTML elements on your site being explicitly linked by HTTP. This would need to be updated via your system administrator.
  2. Missing or invalid intermediate chain. Your certificate is issued from an intermediate file. Make sure that you install this alongside your certificate on your server. If you do not have this file please contact us from your Order Details page.
  3. Your older certificate may have been issued with the SHA-1 hashing algorithm. Browsers no longer trust this algorithm. You will need to reissue with SHA-2. You can reissue your certificate yourself from your Order Details page. Every reissue will need the domain validation process to be performed again.
  4. It is the incorrect certificate. Sometimes your old expired certificate or a certificate provided by your hosting company or a self-signed certificate is installed on your site. You will need to identify the source of the incorrect certificate and contact that party to resolve the issue.

Use this free online tool to know more.

When trying to go to the site over HTTPS, it displays the message 'The page cannot be displayed.' Why is that?

There are actually many reasons why this could be happening, some of which could be entirely unrelated to your certificate. So, unfortunately, we can't give specific advice. But, we would recommend clicking on the "Details" button to get more specific information about this error from the browser.

Why does the website say the name on the security certificate does not match the name of the site?

This means that URL in the browser and the common name in the certificate are not an EXACT match (for instance, the www. is missing). Another common reason for this is the web host's certificate is incorrectly assigned to your domain name. Or, you purchased a certificate that does not cover the specific subdomain you are looking at.

Why does the website say the SSL certificate is 'Untrusted'?

This is more than likely because the intermediate certificates were never installed. Installing them should resolve this error.

How can I check to see that my SSL certificate works properly and has been installed correctly?

You can use our SSL checker tool to test whether or not your SSL certificate has been installed properly.

How do I install the Site Seal for my SSL certificate?

You can download & setup your respective Site Seal by following the instructions: